
[techbooks] (Fwd) Explore "virus"/worm warning

  • Rob Slade, doting grandpa of Ryan and Tr
    Message 1 of 1 , Jun 11, 1999
      The past few days have seen reports of a "virus" which is generally being
      referred to as "Explore." Explore is real, and is quite dangerous. Hopefully
      the recent Melissa scare will have made people more aware and alert. It is not
      yet known how widespread the virus is.

      Explore uses a reproductive strategy similar to Melissa: trust for people with
      whom one regularly corresponds. The easiest way to describe the worm is to
      outline the similarities and differences with Melissa.

      Melissa used Outlook to spread itself, but was a Microsoft Word macro virus,
      and used the functions of Word for both infection and payload. Explore is not
      a virus, in that it does not infect another object. It is technically more
      like the Internet Worm of 1988 in that it sends itself as a single object.
      Explore uses Outlook to spread itself. Whereas Melissa read the address book,
      Explore parses the Inbox, and "replies" to all messages. Part of what this
      means is that Explore messages appear to be replies to messages that you have
      sent.

      Like Melissa, Explore arrives as an attachment. Again, we reiterate: DO NOT
      RUN ANY ATTACHMENTS IF YOU DO NOT KNOW WHAT THEY ARE!

      Explore is a regular executable program, and does not require Word for any
      functions. Unlike Melissa it will install itself on the computer in such a
      manner that it starts at boot time, and will continue to run in the background,
      replying to all new mail. As an executable file, Explore will not run on Macs
      or other non-Wintel machines.

      The subject of "infected" messages will appear to be a reply to a prior
      message. The text of "infected" messages reads:

      =====
      Hi [Recipient Name]!

      I received your email and I shall send you a reply ASAP.

      Till then, take a look at the attached zipped docs.

      bye (or sincerely [Recipient Name])
      ======

      If the executable file is run, it may generate a false alert message stating
      that the file is corrupted. This appears to be an attempt to persuade people
      that the program has not actually run.

      The major point about Explore, however, is that it carries a damaging payload.
      It truncates to zero length (empties the contents of) files with extension .c
      (C language source code), .h (C "header" libraries), .asm (assembler source),
      .doc (Word document), .xls (Excel), and .ppt (PowerPoint). Thus, the payload
      targets software developers using the C language, and office work by people
      using Microsoft's Office suite. Loss of these files can be much more damaging
      than loss of system or program files.

      Outlook is used to spread the program, but is not required for the payload.
      Anyone who receives Explore in an attachment is at risk. Again, do not run any
      attachments unless you know, for sure, what they are. Most mail programs will
      allow you to run an attachment with a couple of clicks. Some versions of
      Outlook may automatically load and run attachments of the first message
      downloaded.

      This message is sent without copyright in order to facilitate further
      distribution.

      ====================== (quote inserted randomly by Pegasus Mailer)
      rslade@... rslade@... slade@... p1@...
      The unexamined life is not worth living. - Socrates
      http://victoria.tc.ca/techrev or http://sun.soci.niu.edu/~rslade

      ------------------------------------------------------------------------

      eGroups.com home: http://www.egroups.com/group/techbooks
      http://www.egroups.com - Simplifying group communications
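
An added example, not part of the original post: a mail-gateway triage check that uses the message text quoted in the advisory. It quarantines only when both quoted sentences and an attachment are present, so a forwarded copy of the warning (text, no attachment) is not flagged. The sample subject, body greeting and `placeholder.bin` attachment are constructed for the demonstration.

```python
import re
from email import message_from_string
from email.message import EmailMessage

# Phrases from the message text quoted in the advisory (compared in lower case).
PHRASES = (
    "i received your email and i shall send you a reply asap",
    "till then, take a look at the attached zipped docs",
)

def body_text(msg):
    """Decode every text/plain body part and collapse whitespace and line wraps."""
    chunks = []
    for part in msg.walk():
        if part.get_content_type() == "text/plain" and not part.get_filename():
            raw = part.get_payload(decode=True) or b""
            try:
                chunks.append(raw.decode(part.get_content_charset() or "latin-1", "replace"))
            except LookupError:  # unknown charset label
                chunks.append(raw.decode("latin-1"))
    return re.sub(r"\s+", " ", " ".join(chunks)).lower()

def triage(raw_message):
    """Quarantine only when both quoted phrases AND an attachment are present."""
    msg = message_from_string(raw_message)
    text = body_text(msg)
    hits = [p for p in PHRASES if p in text]
    files = [p.get_filename() for p in msg.walk() if p.get_filename()]
    return {
        "reply_subject": msg.get("Subject", "").lower().startswith("re:"),
        "phrases_matched": len(hits),
        "attachments": files,
        "quarantine": len(hits) == len(PHRASES) and bool(files),
    }

def sample(body, attach):
    """Constructed test message; the attachment name and bytes are placeholders."""
    m = EmailMessage()
    m["Subject"] = "Re: Budget figures"
    m.set_content(body)
    if attach:
        m.add_attachment(b"\x00", maintype="application",
                         subtype="octet-stream", filename="placeholder.bin")
    return m.as_string()

WORM_TEXT = ("Hi User!\n\nI received your email and I shall send you\na reply ASAP.\n\n"
             "Till then, take a look at the attached zipped docs.\n\nbye\n")

if __name__ == "__main__":
    print(triage(sample(WORM_TEXT, attach=True)))    # text + attachment
    print(triage(sample(WORM_TEXT, attach=False)))   # e.g. a quoted warning
```

Exact-phrase matching only catches the wording quoted above; a changed message text would need a different rule.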