New Version of computer virus strikes dozens of companies

By MARTHA MENDOZA The Associated Press 12/01/99 4:46 PM Eastern

SUNNYVALE, Calif. (AP) -- Banc of America and Disney's Go.com are among dozens of companies hit by a new version of a computer virus that spreads by e-mail and destroys computer files.

Anti-virus software makers who reported the outbreak of the "MiniZip" virus warned computer users on Wednesday against opening any file attached to suspicious e-mail.

Government-affiliated experts declined to issue any alert, saying they hadn't received any direct reports of the virus.

In fact, fears of the outbreak may have been spreading faster on Wednesday than the virus: Network Associates, a leading maker of anti-virus software, reported that visits to its Web site increased more than tenfold compared with Tuesday.

MiniZip is a compressed version of Worm.ExploreZip, the virus that struck hundreds of thousands of computers at major companies in June.

The new version, first reported last week, was detected on Tuesday at Go.com, worming its way through computer hard drives at the headquarters of online network and search engine.

Within hours, all staff had been warned not to open any file attached to any e-mail that's packaged as a friendly response to an earlier message. Such attachments, they were told, may contain a virus that would destroy files stored on their machines.

"A handful of computers were affected before we caught it," said GO.com spokeswoman Shelly Greenhalgh. "It could have been much worse."

The MiniZip also was discovered on Tuesday at Banc of America, but did no permanent damage because files are copies on back-up systems.

"It made for a hectic day for our information technology department," said Jennifer Smith, spokeswoman for San Francisco-based Banc of America Securities. "Everyone had to log off so they could clear our system."

As with Worm.ExploreZip, the MiniZip is only known to attack computers using Microsoft operating systems Windows 95, Windows 98, and Windows NT. Rival operating systems such as Macintosh and Unix apparently are not vulnerable.

On an infected computer, the MiniZip reads the addresses of new and unread e-mail and automatically sends itself as a response, changing the subject line from, for example, "Work Meeting" to "Re: Work Meeting."

The body of the message reads: "Hi (recipient's name)! I received your e-mail and I shall send you an e-mail ASAP. Till then, take a look at the attached zipped docs. bye."

Don't click on that attachment, experts said. Opening it leads to the destruction of various files on a computer, which are then replaced with empty files.

"I have to say that this is a particularly insidious virus," said Carey Nachenberg, chief researcher at Symantec Corp.'s anti-virus research center in Cupertino, Calif. "This is both a very fast spreading computer virus, and also very damaging."

Computer users can protect uninfected machines by downloading free fixes on the Internet from various anti-virus software companies.

Sal Viveros, a marketing manager for Network Associates, a Santa Clara-based company that also writes anti-virus software, said prevention is key -- recovery rare.

"We've talked to people who lost spreadsheets with budgets on them, letters, documents, presentations," he said. "If the company doesn't back up their files, unfortunately there's not much we can do."

Viveros said that by Wednesday afternoon new reports of the virus were slowing, but that it could take weeks before it is completely eradicated.

-- walrus (eggman@semolina.com), December 01, 1999

Answers

Knowing that people who invent and spread computer viruses are such nice people, I expect they will try to help their country by launching more viruses than ever ... to annoy us when we return to work on January 3, 2000. But it doesn't matter because everything will be fine. Y2K is a hoax. Or maybe it's a systemic software design error. I'm not sure yet. I'm still trying to figure out if anyone is working on the non-mission-critical systems that are not counted in the "99% done" press releases.

-- Richard Greene (rgreene2@ford.com), December 01, 1999.

Yup. This one hit us lunchtime yesterday, Sydney time. We were working until 3.00am to get control, but still not safe yet. Morning news said KPMG and TCN Channel 9 TV got hit bad. Nope, I'm not telling where *I* am working.

-- Sad Aussie (sorry@no.onea.thome.com.au), December 01, 1999.