The past few days have seen reports of a "virus" which is generally being
referred to as "Explore." Explore is real, and is quite dangerous. Hopefully
the recent Melissa scare will have made people more aware and alert. It is not
yet known how widespread the virus is.
Explore uses a reproductive strategy similar to Melissa: trust for people with
whom one regularly corresponds. The easiest way to describe the worm is to
outline the similarities and differences with Melissa.
Melissa used Outlook to spread itself, but was a Microsoft Word macro virus,
and used the functions of Word for both infection and payload. Explore is not
a virus, in that it does not infect another object. It is technically more
like the Internet Worm of 1988 in that it sends itself as a single object.
Explore uses Outlook to spread itself. Whereas Melissa read the address book,
Explore parses the Inbox, and "replies" to all messages. Part of what this
means is that Explore messages appear to be replies to messages that you have
Like Melissa, Explore arrives as an attachment. Again, we reiterate: DO NOT
RUN ANY ATTACHMENTS IF YOU DO NOT KNOW WHAT THEY ARE!
Explore is a regular executable program, and does not require Word for any
functions. Unlike Melissa it will install itself on the computer in such a
manner that it starts at boot time, and will continue to run in the background,
replying to all new mail. As an executable file, Explore will not run on Macs
or other non-Wintel machines.
The subject of "infected" messages will appear to be a reply to a prior
message. The test of "infected" messages reads:
Hi [Receipient Name]!
I received your email and I shall send you a reply ASAP.
Till then, take a look at the attached zipped docs.
bye (or sincerely [Receipient Name])
If the executable file is run, it may generate a false alert message stating
that the file is corrupted. This appears to be an attempt to persuade people
that the program has not actually run.
The major point about Explore, however, is that is carries a damaging payload.
It truncates to zero length (empties the contents of) files with extension .c
(C language source code), .h (C "header" libraries), .asm (assembler source),
.doc (Word document), .xls (Excel), and .ppt (PowerPoint). Thus, the payload
targets software developers using the C language, and office work by people
using Microsoft's Office suite. Loss of these files can be much more damaging
than loss of system or program files.
Outlook is used to spread the program, but is not required for the payload.
Anyone who receives Explore in an attachment is at risk. Again, do not run any
attachements unless you know, for sure, what they are. Most mail programs will
allow you to run an attachment with a couple of clicks. Some versions of
Outlook may automatically load and run atttachments of the first message
This message is sent without copyright in order to facilitate further
====================== (quote inserted randomly by Pegasus Mailer)
rslade@... rslade@... slade@... p1@...
The unexamined life is not worth living. - Socrates
eGroups.com home: http://www.egroups.com/group/techbooks
- Simplifying group communications