Your Peace of Mind is our Commitment

Contact Us English Recent Articles

New Discovery in the ZippedFiles Internet Worm

First published: 17th June 1999

Destructive worm can hit your machine even if you don't use e-mail

Espoo, Finland - Researchers at the Data Fellows computer virus laboratory have discovered new functionality in the widespread ZippedFiles (also known as ExploreZip) Internet worm. Once the virus infects one machine in a corporate network, the worm will start to look for other Windows workstations in the network.

If another user has shared directories from his machine for others, the virus will try to infect this machine over the network.

This means that your machine can get infected with the ZippedFiles worm even if you're very careful with your e-mail, do not open attachments, or you even stop using e-mail completely. You will not notice the infection, but your machine will start to automatically reply to all e-mails received thereafter. The replies contain an infected attachment and will spread the worm further. In addition, the worm will start to overwrite files on local and network drives.

In order to receive the virus over the company network, your machine must be running Windows 95 or 98 and must have either the system drive or the Windows directory shared for other users with full access rights. The shared drive does not have to be mounted to the infected system in order for the worm to spread, as the worm will browse all available drive shares in the network. By default, Windows does not share drives for use by other users, but many users do this to give fellow workers easy access to their files.

"This seems to be one of the reasons we've seen widespread infections within single companies", comments Mikko Hypponen, Manager of Anti-Virus Research at Data Fellows. "We have to remember that this worm does not spread over e-mail nearly as fast as the Melissa virus did. It only spreads at the rate of normal e-mail traffic - if you receive ten e-mails a day, you will send the worm out ten times". "However, once ZippedFiles enters your corporate network, it will travel around fast if you don't have every workstation running up-to-date protection."

Questions & Answers on the ZippedFiles worm: