Help Desk and Frequently Asked Questions
This virus threat is *VERY* real, and has already spread widely across the Internet. It is recommended that you take precautions to help ensure that neither you nor anyone you know becomes infected with this virus. Please forward this message to everyone you know who runs Windows 95, Windows 98, or Windows NT.
There is information about this trojan horse/worm program at http://www.infobeat.com/stories/cgi/story.cgi?id=2559935815-ccc. Please note that this is classified as a worm: it can reproduce itself and is able to move from computer to computer without human knowledge or intervention.
CERT, a computer security organization on the Internet, has released two advisories through e-mail on this issue. This is a very widespread computer virus.
The worm has been known to send a message which may or may not appear to be a reply to an e-mail which you have sent, with the message:
I received your email and I shall send you a reply ASAP.
Till then, take a look at the attached zipped docs.
A file called zipped_files.exe will be attached. CERT warns that "The subject line of the message may not be predictable and may appear to be sent in reply to previous email."
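A mail-filter check built from the indicators described above (the fixed attachment name and the message text), keyed on the attachment rather than on the subject line, which CERT says is not predictable. This is an added example, not part of the original page or of the CERT advisory; the function names, addresses and sample messages are constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Indicators taken from the advisory text above.
ATTACHMENT_NAME = "zipped_files.exe"
BODY_MARKERS = (
    "i received your email and i shall send you a reply asap",
    "take a look at the attached zipped docs",
)

def inspect_message(raw: bytes) -> dict:
    """Report which of the advisory's indicators a raw mail message carries."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    names, text = [], []
    for part in msg.walk():
        if part.is_multipart():
            continue
        filename = part.get_filename()
        if filename:
            # Compare the bare lower-cased name so case or a path prefix cannot hide it.
            names.append(filename.replace("\\", "/").rsplit("/", 1)[-1].strip().lower())
        elif part.get_content_type() == "text/plain":
            text.append(part.get_content())
    body = " ".join(" ".join(text).lower().split())  # collapse line wraps
    hit_file = ATTACHMENT_NAME in names
    hit_body = any(marker in body for marker in BODY_MARKERS)
    # The subject is deliberately ignored: the advisory says it is unpredictable.
    verdict = "quarantine" if hit_file else "review" if hit_body else "pass"
    return {"attachment": hit_file, "body": hit_body, "verdict": verdict}

def build_sample(subject, body, attachment=None):
    """Constructed test message; the attachment bytes are a harmless placeholder."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.org", "b@example.org", subject
    m.set_content(body)
    if attachment:
        m.add_attachment(b"constructed placeholder bytes", maintype="application",
                         subtype="octet-stream", filename=attachment)
    return m.as_bytes()

WORM_TEXT = ("I received your email and I shall send you a reply ASAP.\n"
             "Till then, take a look at the attached zipped docs.")

if __name__ == "__main__":
    print(inspect_message(build_sample("Re: budget", WORM_TEXT, "Zipped_Files.EXE")))
    print(inspect_message(build_sample("Re: budget", WORM_TEXT)))
    print(inspect_message(build_sample("Lunch?", "See you at noon.")))
```

A message that carries only the body text is marked for review rather than quarantined, since a quoted or forwarded copy of the warning itself contains the same sentences.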
This worm will destroy files and it modifies system files. From the CERT advisory bulletin:
II. Impact
* Users who execute the zipped_files.exe Trojan horse will infect the host system, potentially causing targeted files to be destroyed.
* Users who execute the Trojan horse may also infect other networked systems that have writable shares.
* Because of the large amount of network traffic generated by infected machines, network performance may suffer.
* Indirectly, this Trojan horse could cause a denial of service on mail servers. Several large sites have reported performance problems with their mail servers as a result of the propagation of this Trojan horse.
Use virus scanners
While many anti-virus products are able to detect and remove the executables locally, because of the continuous re-infection process, simply removing all copies of the program from an infected system may leave your system open to re-infection at a later time, perhaps immediately. To prevent re-infection, you must not serve any shares containing a WIN.INI file to any potentially infected machines. If you share files with everyone in your domain, then you must disable shares with WIN.INI files until every machine on your network has been disinfected.
In order to detect and clean current viruses, you must keep your scanning tools up to date with the latest definition files. Please see the following anti-virus vendor resources for more information about the characteristics and removal techniques for the malicious file known as ExploreZip.
Aladdin Knowledge Systems, Inc.
http://www.esafe.com/vcenter/explore.html
Central Command
http://www.avp.com/zippedfiles/zippedfiles.html
Command Software Systems, Inc
http://www.commandcom.com/html/virus/explorezip.html
Computer Associates
http://www.cai.com/virusinfo/virusalert.htm
Data Fellows
http://www.datafellows.com/news/pr/eng/19990610.htm
McAfee, Inc. (a Network Associates company)
http://www.mcafee.com/viruses/explorezip/default.asp
Network Associates Incorporated
http://www.avertlabs.com/public/datafiles/valerts/vinfo/va10185.asp
Sophos, Incorporated
http://www.sophos.com/downloads/ide/index.html#explorez
Symantec
http://www.symantec.com/avcenter/venc/data/worm.explore.zip.html
Trend Micro Incorporated
http://www.antivirus.com/vinfo/alerts.htm
General protection from email Trojan horses and viruses
Some previous examples of malicious files known to have propagated through electronic mail include:
* False upgrade to Internet Explorer - discussed in CA-99-02
http://www.cert.org/advisories/CA-99-02-Trojan-Horses.html
http://www.cert.org/advisories/CA-99-04-Melissa-Macro-Virus.html
http://www.cert.org/incident_notes/IN-99-02.html
http://www.cert.org/incident_notes/IN-99-03.html