“Dubbed MiniZip by some security vendors — a reference to how
the worm has been compressed — the latest outbreak uses exactly
the same technology as ExploreZip, the only difference being that
it has been compressed in a format that masks it from security
systems which scan incoming messages for attacks. While many
anti-virus applications now scan compressed files (and all scan for
ExploreZip) the creator of MiniZip utilized a lesser-known
shareware compression system called Neolite to render it invisible
to anti-virus security systems.”
“Other than the compressed file format and the slightly
different name of ExploreZip.worm.pak, the virus operates in
the same way as before, infecting a machine, deleting
files, and automatically sending infected responses to other
users. It, too, affects systems running Microsoft Outlook,
Outlook Express, and Exchange.”
“The first time around this virus caused more damage than all
non-virus security attacks combined,” Schrader said. “We don’t know
how much damage it’s going to do this time.”