Panda Software has reported the appearance of the ‘N’ variant of W32/Explorezip, an e-mail worm designed to spread rapidly and massively. For this reason the antivirus software developer is warning users to treat all e-mails received with caution.
W32/Explorezip.N mails itself out using MAPI commands in MS Outlook, MS Outlook Express and MS Exchange. It reaches computers by e-mail in a file called zipped_files.exe. Unlike its predecessor, this worm is compressed using UPX and the file size is 91,048 bytes.
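The three attachment properties given above (file name, size, UPX packing) can be checked at a mail gateway or during triage. The following Python sketch is an added example, not Panda Software's detection logic. It assumes UPX's default section names (UPX0, UPX1), and its function names and sample files are constructed for illustration.

```python
import struct

# Indicators stated in the advisory: attachment name and packed file size.
WORM_FILENAME = "zipped_files.exe"
WORM_SIZE = 91048

def pe_section_names(data):
    """Return the section names of a PE image, or [] if it is not a PE file."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)   # e_lfanew
    if pe_off + 24 > len(data) or data[pe_off:pe_off + 4] != b"PE\0\0":
        return []
    (count,) = struct.unpack_from("<H", data, pe_off + 6)      # NumberOfSections
    (opt_size,) = struct.unpack_from("<H", data, pe_off + 20)  # SizeOfOptionalHeader
    table = pe_off + 24 + opt_size
    names = []
    for i in range(count):
        entry = table + i * 40          # each section header is 40 bytes
        if entry + 40 > len(data):      # truncated or malformed table
            break
        names.append(data[entry:entry + 8].rstrip(b"\0").decode("ascii", "replace"))
    return names

def triage_attachment(filename, data):
    """Return the list of advisory indicators that an attachment matches."""
    reasons = []
    if filename.lower() == WORM_FILENAME:
        reasons.append("filename")
    if len(data) == WORM_SIZE:
        reasons.append("size")
    # Assumption: default UPX section names; a renamed packer stub is not caught.
    if any(name.startswith("UPX") for name in pe_section_names(data)):
        reasons.append("upx-packed")
    return reasons

def build_sample(section_names, total_size):
    """Constructed input: PE headers only, zero padding, no executable code."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 0, 0x102)
    sections = b"".join(n.ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return (dos + coff + sections).ljust(total_size, b"\0")

if __name__ == "__main__":
    suspect = build_sample([b"UPX0", b"UPX1", b".rsrc"], WORM_SIZE)
    benign = build_sample([b".text", b".data"], 4096)
    print(triage_attachment("Zipped_Files.EXE", suspect))
    print(triage_attachment("setup.exe", benign))
```

Each indicator is weak on its own, since legitimate software is also UPX-packed and file names are trivially changed; a match on all three is a reason to quarantine the attachment for antivirus scanning, not a verdict.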
W32/Explorezip is a particularly destructive worm. Once activated, it selects files and documents on the infected machine and truncates them to 0 bytes (as if they had been emptied or deleted). It then repeats this operation every 30 minutes. This can cause the irretrievable loss of important data. In networked environments, the worm checks whether it has access to the Windows directory on other users' machines and, if so, copies itself there and modifies the WIN.INI files on these new machines. It then activates its malicious payload on them, truncating the files it attacks.
When it first appeared in 1999, W32/Explorezip became, along with Melissa, one of the most damaging and costly viruses to hit companies.
To avoid possible incidents involving W32/Explorezip.N, Panda Software advises users to update their antivirus software. Users of the company’s solutions can download the corresponding update, which detects and eliminates this worm, from http://www.pandasoftware.com.
Users who want to disinfect their systems online can use the free antivirus, Panda ActiveScan, also available from the company’s website.
Detailed technical information on this and other malicious code is available from Panda Software’s Virus Encyclopedia.