This confirms that, as usual, Harold Sprague is correct. The ExploreZip
Virus is NOT a hoax.
Stan R. Caldwell, P.E., F.ASCE
Virus-Free in Dallas
Updated 12:07 AM ET June 11, 1999
By Dick Satran
SAN FRANCISCO (Reuters) - A new email-borne computer infection swept the
Internet Thursday, showing up quickly in thousands of computers around the
world and leading to the shutdown of some corporate e-mail systems.
The new infection, "called the ExploreZip worm," can erase files from a
users' computers, making it inherently more dangerous than the Melissa
virus, which gained notoriety for its ability to spread quickly but not
because it destroyed any data.
ExploreZip is known as a worm, not a virus, because it can't replicate
itself. Computer viruses such as Melissa, which appeared in March, are
written with the capability to reproduce through automation.
But even if it can't reproduce itself, it's spreading its destructive force
quickly, experts said. Computers in the U.S., Germany, France, Norway,
Israel and the Czech Republic were invaded, said Finnish computer security
firm Data Fellows Corp.
Network Associates Inc., the computer security firm, said it gave ExploreZip
a "high risk" classification because the number of incidents doubled
overnight and it has already shown up on thousands of computers. The company
said it believes the worm originated in Israel.
The Melissa virus gained notoriety because it was the fastest-moving virus
ever seen, and other recent virus, the CIH, or "Chernobyl" virus, in April,
caused severe damage to a relatively small number of computers. "This worm
combines the speed of Melissa with the destructive payload of the CIH
virus," said Wes Wasson, director of anti-virus products at Network
The computer bug is cleverly disguised as an e-mail that appears to be a
response to an earlier message, borrowing a page from Melissa, which
appeared as a benign e-mail and surreptitiously sent messages to other
"I received your e-mail, and I shall reply ASAP," the ExploreZip message
reads. "Till then, take a look at the zipped docs."
The computer experts warned users to delete that message. Users who respond
by clicking on the attached file will launch the virus into their computer
that will then destroy Microsoft Outlook, Express and possibly other e-mail
Leading computer security companies Network Associates (http://www.nai.com),
Symantec Corp. (http://symantec.com) and Trend Micro Inc.
(http://www.antivirus.com) all have offered virus protection patches that
can be downloaded from their sites to identify and eliminate the bug.
"Apart from the using the anti-virus software, we just recommend that people
not open any file that they can't verify the origin of," said a Network
The Washington lobbying office of one major U.S. corporation was hit
Thursday, receiving e-mail with the virus that appeared to be from company
officials in other offices. One recipient, unaware of the malicious nature
of the e-mail attachment, ran the program and lost numerous files.
"I think that anyone who randomly wipes out people's files is totally
obnoxious," the person, who asked to remain anonymous, said.
At Wall Street brokerage giant Merrill Lynch, the e-mail system was shut
down to protect data after the worm was found on a computer. "We learned our
lesson with Melissa that you have to work quickly to avoid problems," said a
Computers at dozens of other companies were reported hit, and Network
Associates said "consumers at home will be affected as well."