ExploreZip
ExploreZip (also known as I-Worm.ZippedFiles[1]) is a destructive computer worm that attacks machines running Microsoft Windows. It was first discovered in Israel on June 6, 1999.[2] The worm contains a malicious payload, and uses Microsoft Outlook, Outlook Express, or Exchange to mail itself out by replying to unread messages in the user's inbox. The worm also searches mapped drives and networked computers for Windows installations. If it finds one, it copies itself to the Windows folder of the remote computer and then modifies the WIN.INI file of the infected computer. On January 8, 2003, Symantec discovered a packed variant of this threat which exhibits the same characteristics.[1]
Distribution
The worm is distributed in the form of an e-mail with the words:
Hi !
I have received your email and I shall send you a reply ASAP.
Till then, take a look at the attached zipped docs.
bye[3]
Payload
The message includes an attachment with the name ZIPPED_FILES.EXE.[3] If the attachment is opened, Windows displays a dialog box resembling the one normally shown when a corrupted Zip archive is opened, while the worm copies itself onto the machine's hard drive. It also modifies the WIN.INI file (Windows 9x) or the Windows Registry (Windows NT) so that it re-executes on reboot.
The worm looks for a copy of Microsoft Outlook to mail itself to all other people in the user's address book. It then destroys Microsoft Office documents, C, C++, and assembly language source files[3] on the user's hard drive by overwriting them with zero-byte files.
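The WIN.INI persistence described above can be audited offline from a copy of the file. The following is an added example, not part of the original article: it lists the programs named on the load= and run= lines of the [windows] section, which Windows 9x starts at boot, and reports any that are not on an allowlist. The sample file contents, the placeholder executable name and the function names are constructed for illustration.

```python
import re

# Constructed sample WIN.INI contents (not taken from a real infected host).
# PLACEHOLDER.EXE is a stand-in name, not the worm's actual file name.
SAMPLE_WIN_INI = r"""
; constructed sample
[windows]
load=
run=C:\WINDOWS\SYSTEM\PLACEHOLDER.EXE
NullPort=None

[Desktop]
Wallpaper=(None)
"""

AUTOSTART_KEYS = {"load", "run"}  # [windows] keys that launch programs at startup


def winini_autostart(text):
    """Return [(key, program), ...] for load=/run= entries in the [windows] section."""
    found, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):  # skip blank lines and comments
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()  # section names are case-insensitive
            continue
        if section != "windows" or "=" not in line:
            continue
        key, _, value = line.partition("=")
        if key.strip().lower() in AUTOSTART_KEYS:
            # Assumption of this example: entries are 8.3-style paths without
            # embedded spaces, so several programs can be split on spaces/commas.
            found += [(key.strip().lower(), p) for p in re.split(r"[ ,]+", value.strip()) if p]
    return found


def unexpected_autostart(text, allowlist=()):
    """Return autostart entries whose program path is not in the allowlist."""
    allowed = {a.lower() for a in allowlist}
    return [(k, p) for k, p in winini_autostart(text) if p.lower() not in allowed]


if __name__ == "__main__":
    for key, program in unexpected_autostart(SAMPLE_WIN_INI):
        print(f"review: {key}={program}")
```

On Windows NT the article places the equivalent change in the Registry, which this file-based check does not cover.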
References
- [1] "Worm.ExploreZip". Symantec.com. May 1, 2007. Archived from the original on February 5, 2016.
- [2] "FBI investigates worm wiggling through Net - Jun. 11, 1999". money.cnn.com. Archived from the original on February 1, 2021. Retrieved 2021-01-23.
- [3] "The ExploreZip Worm". US Department of Energy. June 11, 1999. Archived from the original on August 21, 2008.