Linux Today: Linux News On Internet Time.

InfoWorld: New version of ExploreZip defies anti-virus systems

Dec 01, 1999, 22:43
(Other stories by Matthew Nelson)

"Dubbed MiniZip by some security vendors -- a reference to how the worm has been compressed -- the latest outbreak uses exactly the same technology as ExploreZip, the only difference being that it has been compressed in a format that masks it from security systems which scan incoming messages for attacks. While many anti-virus applications now scan compressed files (and all scan for ExploreZip) the creator of MiniZip utilized a lesser-known shareware compression system called Neolite to render it invisible to anti-virus security systems."

"Other than the compressed file format and the slightly different name of ExploreZip.worm.pak, the virus operates in the same way as before, infecting a machine, deleting files, and automatically sending infected responses to other users. It, too, affects systems running Microsoft Outlook, Outlook Express, and Exchange."

"The first time around this virus caused more damage than all non-virus security attacks combined," Schrader said. "We don't know how much damage it's going to do this time."
