News

New Strain of Virus Detected

A new variant of the Trojan ExploreZip virus was discovered today. Fixes have been posted on the sites of the three main anti-virus companies, Trend Micro (www.antivirus.com), Symantec (www.symantec.com), and Network Associates Inc. (www.nai.com). The variant, known as TROJ_EXPZIPWMPAK, is identical to the original ExploreZip worm in that it is auto-spamming malicious code that destroys data on the infected system. The only significant difference between this variant of the worm and the original is that the variant is compressed with a different type of compression format, thereby evading standard anti-virus software and protection for the original worm. TROJ_EXPZIPWMPAK attacks Windows 95, 98, and NT systems.

Finjan Software (www.finjan.com) claims that its First-Strike Security software blocks the worm before it has a chance to evade traditional anti-virus software.

TROJ_EXPZIPWMPAK e-mails itself out as an attachment under the filename "zipped_files.exe." The subject line of the e-mail varies. The body of the e-mail message occasionally contains the following text:

Hi <Recipient Name>!
I received your email and I shall send you a
reply ASAP.
Till then, take a look at the attached zipped
docs.
Bye (This salutation varies between Bye, Sincerely, and All)

After a user clicks on the attachment, the variant searches hard drives C: through Z:, selecting the Microsoft Word, Excel, and PowerPoint files as well as source code files used by programmers including C++, C, and Assembler sources files, and reduces their file size to zero, making the data unrecoverable. When executed, TROJ_EXPZIPWMPAK utilizes MAPI-enabled e-mail systems to automatically reply to any subsequently received e-mail messages. The e-mail reply will include the infected attachment with the message shown above. It will use the subject line of the received e-mail when it replies.

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.

Featured

  • Microsoft Starts Countdown to Dynamics GP End-of-Support

    Dynamics GP, Microsoft's venerable enterprise resource planning (ERP) solution for midsized businesses, is set to lose support in four years.

  • Image of a futuristic maze

    The 2024 Microsoft Product Roadmap

    Everything Microsoft partners and IT pros need to know about major Microsoft product milestones this year.

  • Windows Recall Preview Starts Rolling Out with Windows 11 24H2

    Microsoft on Tuesday began rolling out Windows 11 version 24H2, describing the update as a "full OS swap that contains new foundational elements required to deliver transformational Al experiences and exceptional performance."

  • An image of planes flying around a globe

    2024 Microsoft Conference Calendar: For Partners, IT Pros and Developers

    Here's your guide to all the IT training sessions, partner meet-ups and annual Microsoft conferences you won't want to miss.