Virus Alert, Detailed, Read it

Date: Fri Jun 11 1999 - 23:08:12 EEST

Keep your eyes open everyone....

There's a new virus in town..... and no it is not the dreaded Good Times
fallacy, this one is for real and it's nasty.

Data virus forces email shutdowns
By Kim Girard
Staff Writer, CNET
June 10, 1999, 7:10 p.m. PT
update Corporations are scrambling to cope with a new data-destroying virus
that is forcing the shutdown of email systems nationwide.

The virus, first reported to the Symantec Antivirus Research Center on Sunday
by five companies in Israel, is called Worm.ExploreZip or Troj_Explore.Zip.
The worm uses Mail Application Programming Interface (MAPI) commands and
Microsoft Outlook on Windows systems to propagate itself, Symantec said.

In some ways, the virus is the sequel to the Melissa virus, which spread with
unprecedented speed in March. Worm.ExploreZip spreads from computer to
computer by taking advantage of automation features available to people using
Microsoft email software on Windows machines.

Although the new virus doesn't spread as fast as Melissa, it causes more
damage, according to antivirus experts, deleting Microsoft Word, Excel, and
Powerpoint document files, among others.

 Several firms have shut down their email systems entirely while IS staff
root out the virus, according to Symantec.

Boeing was hit particularly hard. The Seattle-based aerospace giant shut down
its email system, which is used by at least 150,000 employees, at 2:30 p.m.
today, a company spokesman said. The company was still assessing the damage
caused by the virus, but the spokesman, who asked not to be named, said he
knew of at least one employee whose entire hard drive was wiped out.

"As soon as we became aware of it, we told everyone, and we put a message up
on our internal Web site," he said. Late in the day the email still had not
been restored. The company hopes to have it back up by tomorrow.

PricewaterhouseCoopers took down its entire email system, used by 45,000 U.S.
employees, also at 2:30 p.m. in response to the virus. The company was just
bringing up parts of the system at 7 p.m., a company spokesman said, but he
didn't know how much damage had been done or how many workers had been

Some companies said they disarmed the virus--actually a software
"worm"--before it could cause many problems. Microsoft, for example,
disconnected its email servers from the Internet at about 9 a.m. so that
programmers could work on an antidote, company spokesman Dan Leach said. The
servers were up and running two hours later, he added.

Employees of antivirus software maker Symantec report that they have received
email that includes the worm, which arrives as an attachment to the missives.
Companies such as General Electric and Southern Company have had files
deleted by the virus, according to Bloomberg.

Virus protection firm Trend Micro spokeswoman Susan Orbuch said earlier today
that the company had received 107 calls from customers concerning the virus.
Thirteen of those calls came from those already infected, she said.

Orbuch said that Trend Micro knew of five large companies that had been
infected, as well as several public relations firms and a magazine. She
declined to name the companies.

Nate Meyer, spokesman for Credit Suisse First Boston, said the virus had
struck the company's offices in New York, San Francisco, and Palo Alto,
California, and that other offices worldwide may have been affected. He said
he did not know how many of the company's computers were infected.

Meyer said the Credit Suisse's technology department had been working on the
problem for much of the day and had sent out a warning about it this morning.
But he said the virus did not seem to have slowed the company's operations,
adding that it had not disrupted the investment company's stock trading.
Meyer noted that his own email had been working throughout the day.

Quick repairs
Representatives at AT&T and Intel reported that they were able to quickly
repair their systems after being hit by the virus.

"These are things that we have to do because of the communications reality
that we live in today," an AT&T spokeswoman said.

The virus disrupted work at Cambridge, Massachusetts-based industry analyst
firm Forrester Research, where Internet access, including email, was cut off.
Another analyst firm, Current Analysis, sent email to customers warning them
not open any email attachments coming from the firm with the .exe extension
because an employee's PC had been infected.

The infected email may contain the message: "Hi [recipient name]! I received
your email and I shall send you a reply ASAP. Till then, take a look at the
attached zipped docs. bye."

Unlike the Melissa virus, which harvested from a user's address book, the new
virus raids an email in-box when executed through Microsoft Exchange or
Outlook. The worm attaches itself as a file called zip_files.exe and is sent
off with a return email. Although the virus isn't expected to spread as
quickly and to as many computers as Melissa did, it does destroy files.

"It's an .exe file posing as a Zip file," said Eric Chien, senior researcher
at the Symantec Antivirus Research Center. The worm is particularly insidious
because it searches through hard drives and destroys files with extensions of
.doc, .xls, .ppt, .c, .cpp, .h, or .asm, he said.

Chien said that means whoever wrote the virus was targeting
corporations--seeking to destroy developers' source code, as well as
documents created using Microsoft Office applications, such as Word and

"It singles out those files and destroys them," he said. "This hits the local
drive and the file server."

Extent of damage not known
Chien said it is unclear how much damage the virus has done. "We've received
multiple reports from major corporations in the U.S.," he said. "What we're
hoping is that the initial jump on this Sunday night will prevent it from

Panda Software said it has added free downloads for the detection and
disinfection of the virus--which it called "extremely dangerous"--on its Web
site. The company also urged people to update antivirus software.

Esther Shin, a public relations specialist at Aventail, a Seattle-based
business-to-business e-commerce firm, said two of her colleagues encountered
the virus this morning. One of them lost all the files on his hard drive
after he opened the attachment, she added.

The email was worded to make the recipient believe that the message came from
a Microsoft employee, she said. Shin said she got a similar email but didn't
open the attachment.

"When I got hit I called all my contacts," she said.

Bloomberg and's Troy Wolverton, Dan Goodin, and Tim Clark
contributed to this report.

With best regards,

Ron Ptaszek

P&R Precision, Inc.
50495 Corporate Drive
Shelby Township, MI 48315


TEL: 810-254-6720
FAX: 810-254-0638

Prototype and Production Injection Molds direct from your Pro
or other Database with fast, reliable deliveries backed by 14 years
of CAD/CAM Experience and 45+ Years Tooling Expertise

For more information about the rp-ml, see

This archive was generated by hypermail 2.1.2 : Tue Jun 05 2001 - 22:51:52 EEST