Discovered: January 10, 2003
Updated: February 13, 2007 11:59:24 AM
Also Known As: W32/ExploreZip.worm@M [McAfee], I-Worm.ZippedFiles.h [KAV], WORM_EXPLORZIP.M [Trend], Win32/ExploreZip.Worm [CA], W32/ExploreZip.E [F-Secure], W32/ExploreZip.worm.210432 [F-, W32/ExploreZi-N [Sophos]
Type: Worm
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP
W32.ExploreZip.L.Worm is a variant of Worm.ExploreZip, a worm that contains a malicious payload. The file has been repacked to make it more difficult for older antivirus software to detect. The worm is packed with UPX, version 0.76.1-1.24.
The worm uses Microsoft Outlook, Outlook Express, or Exchange to mail itself, by replying to unread messages in the Inbox. The email attachment is titled Zipped_files.exe.
W32.ExploreZip.L.Worm also searches the mapped drives and network computers for Windows installations. If they are found, the worm copies itself to the \Windows folder of the remote computer, and then modifies the Win.ini file of the infected computer.
Definitions dated from January 8, 2003 to January 10, 2003 will detect this worm as Worm.ExploreZip.
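The following added example, which is not part of the original writeup, scans a mail message for the two indicators described above: an attachment titled Zipped_files.exe and a UPX-packed executable payload. The function names, the sample message and the inert sample bytes are constructed for illustration; UPX0, UPX1 and UPX! are the markers that stock UPX leaves in a packed file.

```python
import email
from email import policy
from email.message import EmailMessage

SUSPECT_NAME = "zipped_files.exe"          # attachment title given in the writeup
UPX_MARKERS = (b"UPX0", b"UPX1", b"UPX!")  # section names / magic left by stock UPX

def looks_upx_packed_pe(data: bytes) -> bool:
    """True if data starts with a DOS/PE 'MZ' header and carries a UPX marker."""
    return data[:2] == b"MZ" and any(m in data[:4096] for m in UPX_MARKERS)

def scan_message(raw: bytes) -> list[dict]:
    """Return one finding per attachment that matches either indicator."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").strip()
        payload = part.get_payload(decode=True) or b""
        name_hit = name.lower() == SUSPECT_NAME   # match regardless of case
        upx_hit = looks_upx_packed_pe(payload)
        if name_hit or upx_hit:
            findings.append({"filename": name, "name_match": name_hit,
                             "upx_pe": upx_hit})
    return findings

def build_sample(filename: str, body: bytes) -> bytes:
    """Build a constructed test message with a single attachment."""
    m = EmailMessage()
    m["From"] = "alice@example.com"
    m["To"] = "bob@example.com"
    m["Subject"] = "Re: status"
    m.set_content("See attachment.")
    m.add_attachment(body, maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()

# Constructed, inert bytes: an 'MZ' prefix plus UPX section names, not a real program.
FAKE_UPX_PE = b"MZ" + b"\x00" * 62 + b"UPX0\x00\x00\x00\x00UPX1\x00\x00\x00\x00"

if __name__ == "__main__":
    for fname, body in [("Zipped_files.exe", FAKE_UPX_PE),
                        ("report.pdf", b"%PDF-1.4 constructed")]:
        print(fname, scan_message(build_sample(fname, body)))
```

A name match alone is a weak signal and a UPX match alone is common in legitimate software; the two together on an inbound reply are what warrant quarantine.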
Protection
- Initial Rapid Release version: January 10, 2003
- Latest Rapid Release version: March 3, 2008 revision 035
- Initial Daily Certified version: January 10, 2003
- Latest Daily Certified version: March 3, 2008 revision 037
- Initial Weekly Certified release date: January 10, 2003
Threat Assessment
Wild
- Wild Level: Low
- Number of Infections: 50 - 999
- Number of Sites: 3 - 9
- Geographical Distribution: Low
- Threat Containment: Moderate
- Removal: Moderate
Damage
Distribution
Writeup By: Jari Kytojoki