IBIS REFLECTOR VIRUS ALERT

From: Bob Ross <bob_ross@mentorg.com>
Date: Wed Dec 01 1999 - 10:56:14 PST

To All:

If you receive a message shown below, DO NOT OPEN the attached
zipped_files.exe file:

--------------------------------------------------------------

Hi <your name> !
I received your email and I shall send you a reply ASAP.
Till then, take a look at the attached zipped docs.
bye.
 <<zipped_files.exe>>

--------------------------------------------------------------

Many Corporations are already dealing with a new variant of the
autospam TROJ_EXPLOREZIP worm: TROJ_EXPZIPWMPAK.

Some machines on the IBIS reflector e-mail lists may have
already been infected.

When you send any e-mail through the IBIS reflectors or directly,
you may get the above response sent directly back to you. DO NOT
OPEN the attached zipped_files.exe file. Below is part of an
explaination sent out on my site:

> After a user clicks on the attachment, this destructive trojan
> searches hard drives C: through Z:, selecting the Microsoft Word,
> Excel and PowerPoint files as well as source code files used by
> programmers including C++, C, and Assembler source files and
> reduces their file size to zero, making the data unrecoverable.
> When executed, TROJ_EXPZIPWMPAK utilizes MAPI enabled email
> systems, to automatically reply to any subsequently received
> email messages. The email reply will include the infected
> attachment with the message shown above. It will use the
> subject line of the received email when it replies.
>
> "TROJ_EXPLOREZIP caused millions of dollars of damage worldwide
> the first time since it overwrites files, instead of just deleting
> them, it's particularly damaging.

Bob Ross
Mentor Graphics
Received on Wed Dec 1 10:57:26 1999

This archive was generated by hypermail 2.1.8 : Fri Jun 03 2011 - 09:53:46 PDT