Worm Virus Cripples Corporate Computers


Thursday December 02 12:26 PM EST

Worm Virus Cripples Corporate Computers

SANTA CLARA, Calif. (APBnews.com) -- A deadly new version of a destructive computer worm has crippled e-mail systems among Fortune 500 companies and others, chewed up files and created havoc among the corporations that sought to limit the damage.

However, the overall damage to corporate users remains unclear, although computer security experts at two anti-virus software companies estimated that at least a dozen companies reported being hit. The companies are remaining mum.

The larger companies were more susceptible, because they run vast networks that easily can spread the destructive program.

The virus comes at a time when the final Y2K computer bugs are being ironed out or retested.

Dubbed Mini-Zip, the virus is related to the malicious ExploreZip worm that infected users in June. This worm can spread on Windows 95, 98 and NT computers using Microsoft Outlook, Outlook Express and Exchange e-mail programs, experts said.

"This seems to be spreading fast, but not as fast as Melissa," said Mikko Hypponen, manager of anti-virus research at Data Fellows Corporation. "The key issue here is that messages sent by zipped files are very credible -- they are normal-looking replies to messages you have sent earlier. You're quite likely to trust these messages and open the attachment."

Earlier version cost millions

The Melissa virus, which created problems earlier this year, also clogged corporate e-mail servers. The virus used a combination of Microsoft Word and Outlook software to spread infection using a computer's e-mail address list.

All the major anti-virus software companies are giving the virus a "high-risk" rating because of its destructive nature. The companies have posted virus updates on their Web sites.

"The earlier version caused millions of dollars of damage worldwide the first time around, so we're not taking its second coming lightly," said David Perry, public education director for Trend Micro. "Since it overwrites files, instead of just deleting them, it's particularly damaging, and because of its insidious social engineering, this has the ability to fool a lot of people into innocently opening and triggering it."

Launched by opening trick message

The new version of the virus is nearly identical to the original strain, but with a twist. In order to avoid detection by most anti-virus software, the virus has been concealed using file compression software.

It replies to unread and new mail and sends out the following message: "I received your e-mail and I shall send you a reply ASAP. Till then, take a look at the attached zipped docs."

The virus works like this: After being executed, MiniZip e-mails itself out as an attachment with the filename "zipped_files.exe."

The attached file has a WinZip icon, which is designed to trick unsuspecting users into running it as a self-extracting file. Users who run this attachment will be presented with a fake error message: "Cannot open file: It does not appear to be a valid archive. If this file is part of a zip format backup set, insert the last disk of the backup set and try again. Please press F1 for help."

Erases contents of files

Once executed, the worm proceeds to copy itself to the c:\windows\system directory with the filename "Explore.exe". It then modifies the WIN.INI file so the program is executed each time Windows is started.

It also makes an entry in the registry on Windows NT.

Like ExploreZip.worm, MiniZip erases the contents of files on the user's C: drive. It also will erase the contents of files on all mapped or network drives. This leads to the main threat of this virus, which is that if one person in a company opens the file, all files on the company's shared drive are at risk.

http://dailynews.yahoo.com/h/ao/19991202/cr/19991202006.html

-- LOON (blooney10@aol.com), December 02, 1999
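The persistence step the article describes (a copy at c:\windows\system\Explore.exe started from WIN.INI) can be checked for on a host. This is an added example, not part of the original post or article; it assumes the entry sits in the `load=` or `run=` key of the `[windows]` section, which the article does not specify, and the sample WIN.INI is constructed.

```python
import ntpath
import re

# Path the article says the worm copies itself to (compared lower-cased).
WORM_DROP_PATH = r"c:\windows\system\explore.exe"
# Assumption: the startup entry is in "load=" or "run=" under [windows],
# the standard WIN.INI autostart keys; the article does not name the key.
AUTOSTART_KEYS = {"load", "run"}

# Constructed sample: a legitimate explorer.exe entry beside the worm's entry.
SAMPLE_WIN_INI = (
    "[windows]\n"
    "load=C:\\WINDOWS\\explorer.exe\n"
    "run=C:\\WINDOWS\\SYSTEM\\Explore.exe\n"
    "[Desktop]\n"
    "Wallpaper=(None)\n"
)


def autostart_entries(win_ini_text):
    """Return (key, program) pairs from the [windows] section of WIN.INI."""
    entries, section = [], None
    for raw in win_ini_text.splitlines():
        line = raw.strip()
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
            continue
        if section != "windows" or line.startswith(";") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        key = key.strip().lower()
        if key in AUTOSTART_KEYS:
            # Multiple programs are separated by spaces or commas
            # (so long paths containing spaces are not handled here).
            entries += [(key, p) for p in re.split(r"[,\s]+", value) if p]
    return entries


def suspicious_entries(win_ini_text):
    """Flag autostart programs that match the worm's dropped file name/path."""
    hits = []
    for key, prog in autostart_entries(win_ini_text):
        path = ntpath.normpath(prog.strip('"')).lower()
        # Exact name match: "explore.exe" is flagged, "explorer.exe" is not.
        if path == WORM_DROP_PATH or ntpath.basename(path) == "explore.exe":
            hits.append((key, prog))
    return hits
```
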

Answers

4 digit years and Macs.

the world could be such a better place.

(sigh)

-- plonk! (realaddress@hotmail.com), December 02, 1999.


Macs RULE !!! And soon they WILL rule! Yea, bout time :-)

-- Ashton & Leska in Cascadia (allaha@earthlink.net), December 02, 1999.

Details from Symantec. And the moral of the story is ... don't trust mail attachments.

-- Rob (rob@planet.rob), December 03, 1999.
