Press Release

LinkedIn Facebook Twitter RSS

Symantec First to Provide Immediate Protection for High-Risk, Destructive Worm.ExploreZip Worm

Updated Virus Definition Set Available Now Via LiveUpdate, Symantec Web Site

Cupertino, Calif. June 10, 1999 - Symantec Corporation (Nasdaq: SYMC) today announced that a virus definition set is immediately available to detect and repair the Worm.ExploreZip worm, which contains a malicious payload that can result in non-recoverable data and/or inoperable computer systems. Norton AntiVirus users are advised to protect themselves from this worm by downloading the current virus definitions through LiveUpdate or from the Symantec web site at www.symantec.com/avcenter/download.html.

"Symantec continues to outpace competitors in the speed at which it counters even the most prolific and destructive viruses," said Enrique Salem, vice president of Symantec's Security and Assistance Business Unit. "We remain determined to continue to respond swiftly to the public's needs for technology that eliminates the potential destruction that viruses such as Worm.ExploreZip can cause."

Worm.ExploreZip is a worm that contains a malicious payload. The worm utilizes MAPI commands and Microsoft Outlook on Windows systems to propagate itself. The worm was first discovered in Israel and submitted to the Symantec AntiVirus Research Center (SARC) on June 6, 1999.

The worm e-mails itself out as an attachment with the filename "zipped_files.exe"; the body of the e-mail message might appear to come from a known e-mail correspondent and contains the following text: "Hi [recipient name]! I received your email and I shall send you a reply ASAP. Till then, take a look at the attached zipped docs. Bye" The worm determines the recipient by going through received messages in the user's Inbox. Once the attachment is executed, it might display an Error window, which contains the following text: "Cannot open file: it does not appear to be a valid archive. If this file is part of a ZIP format backup set, insert the last disk of the backup set and try again. Please press F1 for help."

The worm proceeds to copy itself to the c:\windows\system directory with the filename "Explore.exe" and then modifies the WIN.INI file so that the program is executed each time Windows is started. The worm then utilizes the user's e-mail client to harvest e-mail addresses in order to propagate itself. Users might notice that their e-mail client starts when this occurs.

In addition, when Worm.ExploreZip is executed, it also searches through the C through Z drives of the user's computer system and selects files with extensions .c, .cpp, .h, .asm, .doc, .ppt, .xls to destroy by making them 0 bytes long. This can result in non-recoverable data and inoperable computers.

Symantec AntiVirus Research Center (SARC)
SARC is the industry's largest dedicated team of virus experts. With offices located in the United States, Japan, Australia, and the Netherlands, the sun never sets on SARC. The center's mission is to provide swift, global responses to computer virus threats, proactively research and develop technologies that eliminate such threats, and educate the public on safe computing practices. As new computer viruses appear, SARC develops identification and detection for these viruses, and provides either a repair or delete operation, thus keeping users protected against the latest virus threats.

About Symantec
Symantec is the world leader in utility software for business and personal computing. Symantec products and solutions help make users productive and keep their computers safe and reliable anywhere and anytime. Symantec offers a broad range of solutions and is acclaimed as a leader in both customer satisfaction and product brand recognition. Symantec is traded on Nasdaq under the symbol SYMC. More information on the company and its products can be obtained at www.symantec.com.

NOTE TO EDITORS: If you would like additional information on Symantec Corporation and its products, view the Symantec Press Center at www.symantec.com/PressCenter/ on Symantec's Website.

Brands and products referenced herein are the trademarks or registered trademarks of their respective holders. All prices noted are in US dollars and are valid only in the United States.