Mailing List Archive

Mailing List: techdiver


Date: Fri, 11 Jun 1999 20:05:45 -0400
From: Richard Taylor <tdi_aust@co*.co*>
Subject: Dangerous Email Worm Crawls Net
To: Blind.Copy.Receiver@co*.co*

Please note the following has been received from a number of email/IT
sites.
It sounds pretty real, so I have passed it on.
If this is just SPAM then I apologise, but in this instance, better safe
than sorry.

Richard Taylor

-------------Forwarded Message-----------------

Dangerous Email Worm Crawls Net
by James Glave

WIRED MAGAZINE

3:00 p.m.  10.Jun.99.PDT
Both Intel and Microsoft closed down large sections of their email networks
on Thursday in an effort to control a new, hostile Internet worm that may
be more dangerous than the Melissa virus.

The worm, known as W32/ExploreZip.worm, infects the systems of Microsoft
Windows users. It travels via email and deletes Microsoft Word, Excel, and
PowerPoint files, as well as files with the extensions .c, .cpp, .h, and
.asm.


"Melissa had a harmless payload but a high proliferation," said Jeff
Platon, vice president of sales for McAfee.com. "This has the ability to do
very serious damage in terms of payload because it is an automatic [email]
reply from an apparent trusted source."



Platon said that early estimates of victims run in the thousands to tens of
thousands of individual machines. He said it would be a few days before an
accurate assessment would be available.


Antivirus company McAfee has posted a patch to its Web site that will
detect the worm, and contains instructions on how to remove it.


In an effort to halt the spread of the worm, Intel shut down email
exchanges between offices in Europe and the Middle East. A Microsoft
employee also said that the company had shut off incoming, outgoing, and
internal email at the company's Redmond, Washington headquarters.


The worm is unusually clever in its design. The hostile code replies to
email with a message containing the same subject line and an attached file
that appears to be a .zip archive.


"I received your email and I shall send you a reply ASAP," reads the trick
email. "Till then, take a look at the attached zipped docs."


Users who click on the apparent archive to open it receive an
authentic-looking error message. Meanwhile, the worm immediately searches
the victim's hard drive for Microsoft Word, Excel, and PowerPoint files,
and erases their contents.


An internal virus alert mailed to Intel employees hints at the seriousness
of the problem.


"The virus originated in Israel," reads an internal virus alert circulated
among Intel employees.


"At this time, Israel is unable to send and receive email. In addition, to
isolate this virus, the Greater Europe Region [GER] -- Ireland, EMEA, and
Israel -- cannot send or receive messages from non-Intel sites within GER,
nor can employees in the region send or receive messages from Intel and
non-Intel sites in the Americas and the Greater Asia Region."


Intel spokesperson Adam Grossberg said the company's IT department became
aware of the worm in the region and immediately began countermeasures. He
said it would be premature to estimate its effects.


Eric Chien, senior researcher at the Symantec antivirus research center,
said there's a key difference between Melissa and WinExplore: one is
dangerous because it spreads fast, the other because of the damage it does
once it arrives.


"Melissa had a huge fan-out. It caused a pure load of messages sent out to
hundreds of thousands of emails to servers all over the world," Chien said.
"That forced those servers to basically crawl to a halt and be shut down."


"In contrast, we don't expect WinExplore to shut down servers due to pure
load. But what makes it so malicious is that it contains a payload. It
looks for [and destroys] Microsoft office documents, Excel spreadsheets,
and PowerPoint presentations."


Chien said that worm and virus authors are taking advantage of an
increasingly connected computer world -- and the ubiquitous Microsoft
software within it.


"We're definitely at a critical junction in the antivirus world. Microsoft
Office and Word and Excel's macroviruses [which infected documents from
those programs specifically] were a huge threat, especially to corporate
enterprise -- which uses Office almost exclusively."


Worm writers take advantage of computers that are connected to the Net 24
hours a day. "Virus writers are using this to spread their worms and Trojan
[horses] even faster than before," he said.


Microsoft could not be reached for comment.


One victim of the worm said she knew something was afoot when staffers in
her office began receiving the same email from everyone in the department.


"We turned off our computers and alerted the help desk, but not soon enough
-- all our files were deleted," said the victim, who works for a large
telecommunications firm and spoke on condition of anonymity.


"I am pretty stoic about it," she said. "I put it into perspective -- it is
a lot better to have something like this to happen and lose work than for
someone to infiltrate our system."


"I hope these talented people will use their genius for good and not evil,"
said the source.

--
Send mail for the `techdiver' mailing list to `techdiver@aquanaut.com'.
Send subscribe/unsubscribe requests to `techdiver-request@aquanaut.com'.
