ExploreZip (also known as I-Worm.ZippedFiles) is a destructive computer worm that attacks machines running Microsoft Windows. It was first discovered in Israel on June 6, 1999. The worm contains a malicious payload, and utilizes Microsoft Outlook, Outlook Express, or Exchange to mail itself out by replying to unread messages in the user's inbox. The worm also searches mapped drives and networked computers for Windows installations. If found, it copies itself to the Windows folder of the remote computer and then modifies the Win.ini file of the infected computer. On January 8, 2003, Symantec discovered a packed variant of this threat which exhibits the same characteristics.


Distribution

The worm is distributed in the form of an e-mail with the words:

"Hi !"
"I have received your email and I shall send you a reply ASAP."
"Till then, take a look at the attached zipped docs."
"bye"


Payload

The message includes an attachment with the name ZIPPED_FILES.EXE. If opened, a dialog box appears in Windows resembling the one normally appearing when opening a corrupted Zip archive, while the worm copies itself onto the machine's hard drive. It also modifies the WIN.INI file (Windows 9x) or the Windows Registry (Windows NT) so that it re-executes on reboot. The worm looks for a copy of Microsoft Outlook to mail itself to all other people in the user's address book. It then destroys Microsoft Office documents, C, C++, and assembly language source files on the user's hard drive by overwriting them with zero-byte files.
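A triage sketch for the two host artifacts described above, added here as an example and not taken from the original article or any vendor tool: it lists programs started from the load=/run= keys of the [windows] section of a WIN.INI file and finds zero-byte files with document or source extensions. The extension list, the sample WIN.INI and the EXAMPLE.EXE path are assumptions; the Windows NT registry case is not covered.

```python
import os
import re

# Assumed extensions for "Office documents, C, C++ and assembly source";
# the article does not list them.
TARGET_EXTS = {".doc", ".xls", ".ppt", ".c", ".cpp", ".h", ".asm"}

def winini_autostart(text):
    """Return (key, program) pairs from load=/run= in the [windows] section."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or INI comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section == "windows" and "=" in line:
            key, value = line.split("=", 1)
            key = key.strip().lower()
            if key in ("load", "run"):
                # Simplification: entries are split on commas and whitespace.
                for prog in re.split(r"[,\s]+", value.strip()):
                    if prog:
                        entries.append((key, prog))
    return entries

def zero_byte_targets(root):
    """Return sorted paths under root that have a target extension and size 0."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            ext = os.path.splitext(name)[1].lower()
            if ext in TARGET_EXTS and os.path.getsize(path) == 0:
                hits.append(path)
    return sorted(hits)

# Constructed sample, not captured from an infected machine.
SAMPLE_WIN_INI = """\
; constructed sample
[windows]
load=
run=C:\\WINDOWS\\SYSTEM\\EXAMPLE.EXE
[Desktop]
Wallpaper=(None)
"""

if __name__ == "__main__":
    print(winini_autostart(SAMPLE_WIN_INI))
    print(zero_byte_targets("."))
```

Every load=/run= entry is reported, legitimate or not, so the output is a list to review against the programs expected on that machine.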


External links


* Worm.ExploreZip – Symantec.com
* (US Department of Energy)