Symantec First to Provide Immediate Protection for High-Risk,
Destructive Worm.ExploreZip Worm
Updated Virus Definition Set Available Now Via LiveUpdate,
Symantec Web Site
Cupertino, Calif. June 10, 1999 - Symantec Corporation
(Nasdaq: SYMC) today announced that a virus definition set is immediately
available to detect and repair the Worm.ExploreZip worm, which contains a
malicious payload that can result in non-recoverable data and/or inoperable
computer systems. Norton AntiVirus users are advised to protect themselves from
this worm by downloading the current virus definitions through LiveUpdate or from
the Symantec web site at www.symantec.com/avcenter/download.html.
"Symantec continues to outpace competitors in the speed at which it counters even
the most prolific and destructive viruses," said Enrique Salem, vice president of
Symantec's Security and Assistance Business Unit. "We remain determined to
continue to respond swiftly to the public's needs for technology that eliminates
the potential destruction that viruses such as Worm.ExploreZip can cause."
Worm.ExploreZip is a worm that contains a malicious payload. The worm utilizes
MAPI commands and Microsoft Outlook on Windows systems to propagate itself. The
worm was first discovered in Israel and submitted to the Symantec AntiVirus
Research Center (SARC) on June 6, 1999.
The worm e-mails itself out as an attachment with the filename
"zipped_files.exe"; the body of the e-mail message might appear to come from a
known e-mail correspondent and contains the following text: "Hi [recipient name]!
I received your email and I shall send you a reply ASAP. Till then, take a look
at the attached zipped docs. Bye" The worm determines the recipient by going
through received messages in the user's Inbox. Once the attachment is executed,
it might display an Error window, which contains the following text: "Cannot open
file: it does not appear to be a valid archive. If this file is part of a ZIP
format backup set, insert the last disk of the backup set and try again. Please
press F1 for help."
The worm proceeds to copy itself to the c:\windows\system directory with the
filename "Explore.exe" and then modifies the WIN.INI file so that the program is
executed each time Windows is started. The worm then utilizes the user's e-mail
client to harvest e-mail addresses in order to propagate itself. Users might
notice that their e-mail client starts when this occurs.
In addition, when Worm.ExploreZip is executed, it also searches through the C
through Z drives of the user's computer system and selects files with extensions
.c, .cpp, .h, .asm, .doc, .ppt, .xls to destroy by making them 0 bytes long. This
can result in non-recoverable data and inoperable computers.
Symantec AntiVirus Research Center (SARC)
SARC is the industry's largest dedicated team of virus experts. With offices
located in the United States, Japan, Australia, and the Netherlands, the sun
never sets on SARC. The center's mission is to provide swift, global responses to
computer virus threats, proactively research and develop technologies that
eliminate such threats, and educate the public on safe computing practices. As
new computer viruses appear, SARC develops identification and detection for these
viruses, and provides either a repair or delete operation, thus keeping users
protected against the latest virus threats.
Symantec is the world leader in utility software for business and personal computing.
Symantec products and solutions help make users productive and keep their computers
safe and reliable anywhere and anytime. Symantec offers a broad range of solutions
and is acclaimed as a leader in both customer satisfaction and product brand
recognition. Symantec is traded on Nasdaq under the symbol SYMC. More information
on the company and its products can be obtained at www.symantec.com.
NOTE TO EDITORS: If you would like additional information on Symantec Corporation and its products,
view the Symantec Press Center at www.symantec.com/PressCenter/ on Symantec's Website.
Brands and products referenced herein are the trademarks or registered trademarks of their
respective holders. All prices noted are in US dollars and are valid only in the United States.