For immediate releaseEspoo, Finland, June 10, 1999 - A new e-mail worm has been found and is spreading rapidly through the Internet. This virus works like a chain letter and carries a destructive payload. So far, it has been reported from a dozen countries, including USA, Germany, Norway, Israel and the Czech Republic. The virus is expected to spread globally within hours.
This virus is known as either 'ZippedFiles' or 'ExploreZip'. It arrives to a user via an e-mail attachment. When the attachment is opened, the virus will browse through the inbox of the Microsoft Outlook e-mail program and will send a reply to every message.
As a result, if a user called John Doe has recently received an e-mail from Jane Smith with the subject 'Please check these numbers', John's machine will automatically send a message which will look like this:
From: John DoeThe attachment looks like a WinZip archive file. When the received tries to unpack it by double-clicking it, he will get a WinZip error message complaining about a broken archive:
To: Jane Smith
Subject: RE: Please check these numbers
Hi Jane
I have received your email and I shall send you a reply ASAP.
Till then take a look at the attached zipped docs.
Sincerely
John.
Attachment: zipped_files.exe
Cannot open file: it does not appear to be a valid archive.In addition to spreading like a chain letter, the virus will try to overwrite the user's files on any accessible drives, including all network drives. The files that are overwritten must have one of these extensions:
If this file is part of a ZIP format backup set, insert the last disk of the backup set and try again.
Please press F1 for help.
DOC - Microsoft Word documents
XLS - Microsoft Excel spreadsheets
PPT - Microsoft PowerPoint presentations
ASM - Assembler source files
CPP - C++ source files
If the recipient is using an e-mail system other than Microsoft Outlook, ZippedFiles will not spread further. However, it will damage the recipient's files. ZippedFiles operates under the Windows 95, 98 and NT operating systems.
"This seems to be spreading fast," Mikko Hypponen, Manager of Anti-Virus Research at Data Fellows Corporation, comments, "but not as fast Melissa. The key issue here is that messages sent by ZippedFiles are very credible - they are normal-looking replies to messages you have sent earlier. You're quite likely to trust these messages and open the attachment."
Data Fellows has analysed ZippedFiles and has provided an update to detect and
disinfect it. More technical information on the virus and the update are both available
from http://www.F-Secure.com or
http://www.f-secure.com/v-descs/zipped.shtml
The Company has received numerous awards and citations each year from leading
software magazines and publications around the world. They include being selected one
of the Top 100 Technology companies in the world by Red Herring magazine in its
September 1998 issue and being named Editors Choice by PC Magazine.
For further information, please contact
Hong Kong:
Yui Kee Co. Ltd.
Mr. Allan Dyer, Technical Director
Tel: +852 28708555
Fax: +852 28736164
e-mail: adyer@yuikee.com.hk
or visit the Yui Kee web site at http://www.yuikee.com.hk/
USA:
Data Fellows Corporation
675 N. First Street, 8th Floor
San Jose, CA 95112
tel (408) 938-6700; fax (408) 938-6701
or
Europe:
Data Fellows Corporation
Mikko Hypponen, Manager, Anti-Virus Research.
PL 24
FIN-02231 ESPOO
tel s +358 9 8599 0513
fax +358 9 8599 0599
e-mail: Mikko.Hypponen@F-Secure.com