ExploreZip
ExploreZip, also known as I-Worm.ZippedFiles, is a destructive computer worm which attacks machines running Microsoft Windows. It was first discovered in Israel on June 6, 1999.

Worm.ExploreZip is a worm that contains a malicious payload. The worm utilizes Microsoft Outlook, Outlook Express, or Exchange to mail itself out by replying to unread messages in your Inbox. The email attachment is Zipped_files.exe.

The worm also searches mapped drives and networked computers for Windows installations. If found, it copies itself to the \Windows folder of the remote computer and then modifies the Win.ini file of the infected computer.

On January 8, 2003, Security Response discovered a packed variant of this threat which exhibits the same characteristics. Protection will be available for this new variant in virus definitions dated 1/8/2003 with a version number of 50108q (20030108.017) or greater.

Distribution

It is distributed in the form of an e-mail message with the words:

Hi!

I have received your email and I shall send you a reply ASAP. Till then take a look at the attached zipped docs.

Bye!

Payload

The message includes an attachment with the name ZIPPED_FILES.EXE. If opened, a dialog box appears in Windows resembling the one normally appearing when opening a corrupted Zip archive, while the worm copies itself onto the machine's hard drive. It also modifies the WIN.INI file (Windows 9x) or the Windows Registry (Windows NT) so that it re-executes on reboot.

The worm looks for a copy of Microsoft Outlook to mail itself to all other people in the user's address book and also destroys Microsoft Office documents and C and C++ source files on the user's hard drive by overwriting them with zero-byte files.
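
The following Python is an added example, not part of the original article: host triage for the two on-disk effects described above, listing autostart entries in a WIN.INI and finding zero-byte files of the kinds the worm overwrites. The `load=`/`run=` keys in the `[windows]` section are the standard WIN.INI autostart mechanism, which the article does not name; the extension list, the sample WIN.INI and its placeholder path are assumptions constructed for illustration, and the Windows NT registry case is not covered.

```python
import os

# Assumed extension list for "Office documents and C and C++ source files";
# the article does not enumerate extensions.
TARGET_EXTS = {".doc", ".xls", ".ppt", ".c", ".cpp", ".h"}

# Constructed sample WIN.INI; the program path is a placeholder, not a real indicator.
SAMPLE_WIN_INI = """\
[windows]
load=
Run=C:\\WINDOWS\\SYSTEM\\PLACEHOLDER.EXE
; run=commented out
[Desktop]
run=not-an-autostart-key-here
"""

def winini_autostart(text):
    """Return (key, value) for non-empty load=/run= lines in the [windows] section."""
    section, found = "", []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()   # section names are case-insensitive
        elif section == "windows" and "=" in line and not line.startswith(";"):
            key, value = (part.strip() for part in line.split("=", 1))
            if key.lower() in ("load", "run") and value:
                found.append((key.lower(), value))
    return found

def zero_byte_targets(root):
    """List zero-length files under root whose extension is in TARGET_EXTS."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            ext = os.path.splitext(name)[1].lower()
            if ext in TARGET_EXTS and os.path.getsize(path) == 0:
                hits.append(path)
    return sorted(hits)

if __name__ == "__main__":
    for key, value in winini_autostart(SAMPLE_WIN_INI):
        print(f"WIN.INI autostart entry to review: {key}={value}")
    for path in zero_byte_targets("."):
        print(f"zero-byte file: {path}")
```

Every non-empty `load=`/`run=` value is reported for review rather than judged, since legitimate software also used these keys.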

The source of this article is wikipedia, the free encyclopedia.  The text of this article is licensed under the GFDL.
 