ExploreZip

ExploreZip, also known as I-Worm.ZippedFiles, is a destructive computer worm which attacks machines running Microsoft Windows. It was first discovered in Israel on June 6, 1999.

Distribution

It is distributed in the form of an e-mail message with the words:

Hi!

I have received your email and I shall send you a reply ASAP. Till then take a look at the attached zipped docs.

Bye!

Payload

The message includes an attachment with the name ZIPPED_FILES.EXE. If opened, a dialog box appears in Windows resembling the one normally appearing when opening a corrupted Zip archive, while the worm copies itself onto the machine's hard drive, while modifying the WIN.INI file (Windows 9x) or the Windows Registry (Windows NT) so that it re-executes on reboot.

The worm looks for a copy of Microsoft Outlook to mail itself to all other people in the user's address book and also destroys Microsoft Office documents and C and C++ source files on the user's hard-drive by overwriting them with zero-byte files.

External links

• Worm.ExploreZip – Symantec.com
• The ExploreZip worm - Computer Incident Advisory Capability (US Department of Energy)

This malware-related article is a stub. You can help Wikipedia by expanding it.