TROJ EXPLOREZIP Is Back with a Twist.

CUPERTINO, Calif.--(BUSINESS WIRE)--Nov. 30, 1999--

A Variant of the Autospam TROJ_EXPLOREZIP Worm,

TROJ_EXPZIPWMPAK, is Spreading Quickly and Damaging Files

Trend Micro Inc., (Nasdaq:TMIC TMIC Trend Micro Inc. (stock symbol)
TMIC Top Mount Intercooler (automotive turbo systems)
TMIC Traffic Management and Information Centre
TMIC Training Management Information Center ) the leader in centrally managed virus protection and content filtering See Web filtering and parental control software. products and services, has developed a solution to a newly discovered variant of the Trojan ExploreZip worm originally discovered in June, 1999.

This variant, TROJ_EXPZIPWMPAK, is identical to the original ExploreZip worm in that it is auto-spamming malicious code that destroys data on the infected system. The only significant difference between this variant of the worm and the original is that TROJ_EXPZIPWMPAK is compressed with a different type of compression format, thereby evading protection for the previous worm. TROJ_EXPZIPWMPAK attacks Windows 95, 98, and NT systems and has been detected at several Fortune 500 customer sites in the United States United States, officially United States of America, republic (2005 est. pop. 295,734,000), 3,539,227 sq mi (9,166,598 sq km), North America. The United States is the world's third largest country in population and the fourth largest country in area. .

How It Works

TROJ_EXPZIPWMPAK emails itself out as an attachment under the filename "zipped_files.exe". The subject line of the email varies. The body of the email message may also contain the following text: -0-


     Hi (Recipient Name)!

     I received your email and I shall send you a reply ASAP. Till
     then, take a look at the attached zipped docs. Bye (This
     salutation messages changes and may be "Bye", Sincerely" and
     "All")

-0-

After a user clicks on the attachment, this destructive trojan searches hard drives C: through Z:, selecting the Microsoft Word A full-featured word processing program for Windows and the Macintosh from Microsoft. Included in the Microsoft application suite, it is a sophisticated program with rudimentary desktop publishing capabilities that has become the most widely used word processing application on the market. , Excel and PowerPoint files as well as source code files used by programmers including C++, C, and Assembler source files and reduces their file size to zero, making the data unrecoverable. When executed, TROJ_EXPZIPWMPAK utilizes MAPI (Mail API) A programming interface from Microsoft that enables a client application to send to and receive mail from Exchange Server or a Microsoft Mail (MS Mail) messaging system. Microsoft applications such as Outlook, the Exchange client and Microsoft Schedule use MAPI. enabled email systems, to automatically reply to any subsequently received email messages. The email reply will include the infected attachment with the message shown above. It will use the subject line of the received email when it replies.

"TROJ_EXPLOREZIP caused millions of dollars of damage worldwide the first time around, so we're not taking its second coming lightly," says David Perry

This article is about David Perry, the game developer. For the David Perry who was a co-commentator on the UK video game TV show 'GamesMaster', please see Dave Perry, and for other uses, please see David Perry (disambiguation)

David Perry , public education director for Trend Micro. "Since it overwrites files, instead of just deleting them, it's particularly damaging and because of its insidious social engineering, TROJ_EXPZIPWMPAK has the ability to fool a lot of people into innocently opening and triggering it."

Solutions Available from Trend Micro

To protect against this dangerous worm, computer users will need to have an antivirus solution that has been updated to protect against TROJ_EXPZIPWMPAK. Trend Micro customers can download an updated pattern file (No. 615) from Trend Micro's Web site to ensure they are protected. Concerned computer users can also surf to www.antivirus.com and use HouseCall(TM), Trend Micro's free Internet virus scanning service to detect and remove the malicious trojan from their system.

More information about "TROJ_EXPZIPWMPAK" can be obtained from Trend's Website at http://www.antivirus.com.

About Trend Micro

Trend Micro provides centrally controlled server-based virus protection and content-filtering products and services. By protecting information that flows through Internet gateways, email servers, and file servers, Trend Micro allows companies worldwide to stop viruses and other malicious code from a central point before they ever reach the desktop.

Trend Micro's award-winning products have been chosen by Check Point Software Technologies, Cisco Systems “Cisco” redirects here. For other uses, see Cisco (disambiguation).
Cisco System,Inc. (NASDAQ: CSCO, HKSE: 4333 ) is an American multinational corporation with 54,000 employees and annual revenue of US $28.48 billion as of 2006. , Compaq, Hewlett-Packard, IBM (International Business Machines Corporation, Armonk, NY, www.ibm.com) The world's largest computer company. IBM's product lines include the S/390 mainframes (zSeries), AS/400 midrange business systems (iSeries), RS/6000 workstations and servers (pSeries), Intel-based servers (xSeries) , ISS ISS

See Institutional Shareholder Services (ISS). , Lotus, Lucent Technologies, Microsoft, Oracle, Sprint, Sun Microsystems Sun Microsystems, Inc. (NASDAQ: JAVA^[3]) is an American vendor of computers, computer components, computer software, and information-technology services, founded on 24 February 1982. and U S WEST as part of their server security solutions.

Trend Micro's corporate headquarters is located in Tokyo, Japan, with business units in North and South America South America, fourth largest continent (1991 est. pop. 299,150,000), c.6,880,000 sq mi (17,819,000 sq km), the southern of the two continents of the Western Hemisphere. , Europe, Asia, and Australia. The North American North American

named after North America.

North American blastomycosis
see North American blastomycosis.

North American cattle tick
see boophilusannulatus. head office is located in Cupertino, CA. Trend Micro's products are sold directly and through a network of corporate and value-added resellers.

Evaluation copies of all of Trend Micro's products may be downloaded from its award-winning site, http://www.antivirus.com. Web site visitors may also test-drive products online through Trend Micro's Virtual Lab.

HouseCall is a trademark of Trend Micro Incorporated. Other product and company names may be trademarks of their respective owners.

Note to Editors: In the virus names throughout this press release, an underscore symbol should appear after the letters TROJ. This symbol may not appear properly in some systems.

COPYRIGHT 1999 Business Wire
No portion of this article can be reproduced without the express written permission from the copyright holder.

Reader Opinion

Article Details
Printer friendly Cite/link Email Feedback
Publication:	Business Wire
Geographic Code:	1USA
Date:	Dec 1, 1999
Words:	689
Previous Article:	ON24 Video Investor Alert: ON24/TalkOnStocks: Dan Gibby, Analyst, Pristine.com.
Next Article:	CYNT Continues European Development Progress.
Topics:	Computer software industry Software Software industry

Related Articles
Letters to the Editor.(Letter to the Editor)
NEW VIRUSSCAN 4.5 OFFERS ENTERPRISE PROTECTION, MANAGES NET-CONNECTED PCs.(Brief Article)(Product Announcement)
Security Supplement.
Top Ten Viruses Reported To Sophos In July 2001.
Sublease with a Novell twist.(Novell Inc., Staubach Company)(Brief Article)
Osama Bin Laden suicide photographs.(Virus Notes)(Brief Article)
New Trojan horse sends mobile phone spam.(Security)(Brief Article)
Troj/ Bagle D1-L Trojan horse.(SOFTWARE WORLD DIGEST)(Brief Article)
Firms wait for Microsoft fix for day zero PowerPoint flaw.(Security)
Arabic Trojan Horse interupts adult websites.(Security News)