CUPERTINO, Calif. – Dec. 1, 1999 - Symantec Corp. (Nasdaq: SYMC) today announced that it has detected and repaired new virulent strains of ExploreZip and Melissa that are actively spreading through corporate networks worldwide.
The first virus, W32/ExploreZip.worm.pak, is a variant of the malicious ExploreZip worm that infected users in June 1999. This worm can spread on Windows 95, 98 and NT computers using Microsoft Outlook, Outlook Express and Exchange e-mail programs. The subject line reads "I received your email and I shall send you a reply ASAP. Till then, take a look a the attached zipped docs."
Like the original ExploreZip, W32/ExploreZip.worm.pak contains a malicious payload and will continually attempt to destroy any file with the extension .h, .c, .cpp, .asm, .doc, .ppt, or .xls on infected hard drives and on any computers that are accessible over the local area network. The new variant is virtually identical to the original strain; however, to avoid detection by most anti-virus software, the virus has been concealed using a file compression tool.
The second virus, W97M.Melissa.AA -- a variant of the original Melissa virus that was discovered March 1999 -- is a macro virus that spreads itself in e-mail using Outlook or Outlook Express and Exchange. W97M.Melissa.AA can be contracted from infected Word for Windows documents through e-mail, on floppy diskettes or over the Internet. Once a system is infected, the virus will attempt to send itself out to the first 100 people in the Outlook address book. In addition, W97M.Melissa.AA will infect other document files on the infected computer as they are accessed. If the subsequently infected files are passed on to other users, they too can spread the infection. When an infected document is opened, the virus may attempt to replace any highlighted text in any open word document with a space character.
W97M.Melissa.AA was detected by Symantec's exclusive Bloodhound heuristic technology, which detects viruses by searching for virus-like behavior, and can detect new or unknown virus strains because they use similar mechanisms as existing viruses to spread themselves. Consequently, Norton AntiVirus customers are automatically protected against W97M.Melissa.AA. All Norton AntiVirus products incorporate Symantec's advanced heuristic technology, which has to date been able to detect more than 90 percent of new and unknown macro viruses.
"Both of these computer worms are capable of spreading rapidly through e-mail. Additionally, W32/ExploreZip.worm.pak has the potential to cause serious damage," said Vincent Weafer, director of the Symantec AntiVirus Research Center. "We urge users to update their anti-virus definitions immediately and to continue to keep their definitions up to date to ensure that their critical data remains protected."
To obtain immediate protection against W32/ExploreZip.worm.pak and W97M.Melissa.AA, Norton AntiVirus customers can download the current virus definition sets through Symantec's LiveUpdate feature or from the Symantec Web site at www.symantec.com/avcenter/download.html.
Symantec AntiVirus Research Center
SARC is one of the industry's largest dedicated team of virus experts. With offices located in the United States, Japan, Australia, and the Netherlands, the sun never sets on SARC. The center's mission is to provide swift, global responses to computer virus threats, proactively research and develop technologies that eliminate such threats, and educate the public on safe computing practices. As new computer viruses appear, SARC develops identification and detection for these viruses, and provides either a repair or delete operation, thus keeping users protected against the latest virus threats.
Symantec, a world leader in Internet security technology, provides content security solutions to enterprise organizations and helps companies manage and support workforces that use computers and other mobile devices.
NOTE TO EDITORS: If you would like additional information on Symantec Corporation and its products, view the Symantec Press Center at www.symantec.com/PressCenter/ on Symantec's Website.