
Jesse Berst: Devastating email worm on the loose

I hate worms. You should too. Not the creepy-crawlers, not William Hague -- the high-tech kind. And we've got one loose right now that's very nasty.
Written by Jesse Berst, Contributor

And very dangerous. Worm.ExploreZip is a virus capable of destroying data. It enters your system through email. If you don't catch it, it may destroy crucial files on your system.

Experts aren't sure how far Worm.ExploreZip has spread, but email systems at Microsoft, Intel, Symantec, NBC and General Electric were hit so hard that some had to shut down mail servers. That kind of malicious power should not be ignored. By the time you read this, millions more computers could be overwhelmed. Here's what to do right now:

  • Know the worm's habits
  • Sanitize your system and your company
  • Be prepared for the next one

WHO'S AT RISK

You're a target if you use:

  • Microsoft Windows 95, 98 or NT
  • Microsoft Outlook or Microsoft Exchange for email

That means millions of users. If you're among them, be very careful with email. Do not open email with attachments unless you're certain the sender is safe, and only after you've downloaded protective software.

The worm -- first discovered in Israel -- enters as an email attachment with the name "zipped_files.exe." Its deceptively friendly message reads:

Hi "name of recipient"! I received your e-mail and I shall send you a reply ASAP. Till then, take a look at the attached zipped docs. Bye.

Experts say you should delete it without opening it, and then empty the deleted items file. If it executes, the worm copies itself to the Windows system directory with the filename "Explore.exe" and then modifies the WIN.INI file so the program executes each time Windows starts.

It then uses the infected computer's email client to harvest email addresses in order to propagate itself. But behind the scenes, it plays real mean: it searches drives C through Z, picks out files with crucial extensions and renders them useless by making them 0 bytes long. Result: Non-recoverable data or computer system failure.
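One way to check a machine for the WIN.INI change described above, as an added example that is not part of the original article: a short Python audit of the startup entries in a WIN.INI file. It assumes the startup entry sits on a run= or load= line in the [windows] section (the article says only that WIN.INI is modified), and the sample file contents are constructed.

```python
import ntpath

# Assumption: the article gives only the dropped file name; matching on it is illustrative.
SUSPECT_NAMES = {"explore.exe"}
# WIN.INI keys in the [windows] section that Windows launches at startup.
AUTOSTART_KEYS = {"run", "load"}

# Constructed sample of an altered WIN.INI (not captured from a real machine).
SAMPLE_WIN_INI = r"""
[windows]
load=
run=C:\WINDOWS\SYSTEM\Explore.exe
NullPort=None

[Desktop]
Wallpaper=(None)
"""

def autostart_entries(win_ini_text):
    """Return (key, program) pairs from the run=/load= lines of [windows]."""
    entries, section = [], None
    for raw in win_ini_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):      # skip blanks and comments
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()  # section names are case-insensitive
            continue
        if section != "windows" or "=" not in line:
            continue
        key, _, value = line.partition("=")
        key = key.strip().lower()
        if key in AUTOSTART_KEYS:
            # A line can list several programs, separated by spaces or commas.
            # Limitation: paths containing spaces are not handled here.
            for prog in value.replace(",", " ").split():
                entries.append((key, prog))
    return entries

def flag_suspects(win_ini_text, suspects=SUSPECT_NAMES):
    """Return the startup entries whose file name matches a suspect name."""
    return [(key, prog) for key, prog in autostart_entries(win_ini_text)
            if ntpath.basename(prog).lower() in suspects]

if __name__ == "__main__":
    for key, prog in flag_suspects(SAMPLE_WIN_INI):
        print(f"suspicious startup entry: {key}={prog}")
```

A match means the startup line and the named file both need attention; an empty result does not prove the machine is clean.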

To sanitise your system, you need to mount a full-scale assault.

Waste no time.
