They're ba-a-a-a-ack! Get ready for another assault from the e-mail-borne viruses ExploreZip and Melissa. These viruses have just re-appeared in a new morphed state to destroy their victims' data files.
The ExploreZip worm, you may recall from last June, can spread on Windows 95, 98 and NT computers using Microsoft Outlook, Outlook Express and Exchange e-mail. Its lethal payload is an attached "zip" file that the victim is urged to open. Once he does, he can kiss the data stored in his C drive source files, Word or Excel documents good-bye forever.
The new variant striking this week, called W32/ExploreZip.worm.pak or simply the "MiniZip virus," works exactly the same way. In fact, it is the exact same computer virus, treated to a data compression method. This compression reduces the virus to 128K bytes instead of 240K bytes, virus experts say. That means the antivirus software that does protect against the original ExploreZip may not spot this week's compressed MiniZip.
But some packages apparently will. "Our Norton antivirus software uses a heuristics methods that will allow it to detect and eradicate MiniZip," says Vincent Weafer, director of Symantec's Antivirus Research Center.
Computer users should check with their antivirus software vendors to make sure the defenses they are using have been properly updated to spot MiniZip. The vendors have this information readily available on their Web sites.
The second menace identified this week is a variant of the famed Melissa macrovirus which clogged corporate e-mail servers last March because it propagated so rapidly across the Internet. This version is in Spanish, Weafer says. "We originally spotted it coming out of Europe," he adds.
Like its predecessor, the new Melissa.AA doesn't carry a baneful payload of destruction when the unwary victim opens the attachment that the e-mail bears. But the virus does spread quickly - it grabs 100 addresses from the victim's Outlook directory and mails itself off. The original Melissa only grabbed 50. In the course of this happening, confidential documents can get mailed off the desktop of the unwitting as well.
Both Melissa viruses can replace any highlighted text in an open Word document with a space character. And these macroviruses might mail off confidential documents from the desktops of their victims.
Once again, antivirus software users should check with their vendors to be sure updates against the old Melissa will also protect against the new one.
Antivirus software vendor Network Associates emphasized it is critical for users to get the upgrade to NAI's Total Virus Defense products in order to combat the MiniZip virus. That can be done by going to www.nai.com.
"Over thirty companies are reporting MiniZip attacks to us," NAI Product Manager Sal Viveros says. "Thousands of systems are being hit."
RELATED LINKS
Other recent articles by Messmer
Feedback
Tell us your thoughts on this article or the issues it raises.
