> Subject: Worm.ExploreZip Worm - IMPORTANT > Importance: High > Activate your virus alert packages - > Folks, > There's another virus out there you should be aware of; it comes as an > attachment to email called Pretty Park.exe. The following is a reminder of > the zipped_files.exe warning we sent out earlier. > Janice > > Folks, > The IIS Virus Alert team has just learned about the Worm.ExploreZip worm. > Like Melissa, this worm utilizes MAPI commands and Microsoft Outlook on > Windows systems to propagate itself. The worm e-mails itself out as an > attachment with the filename "zipped_files.exe". The body of the e-mail > message may appear to come from a known e-mail correspondent and contains > the following text: > > Hi Recipient Name! > > I received your email and I shall send you a reply ASAP. > > Till then, take a look at the attached zipped docs. > > bye > > Once the attachment is executed, the worm proceeds to copy itself to the > c:\windows\system directory with the filename "Explore.exe" and then > modifies the WIN.INI file so, the program is executed each time Windows is > started. The worm then utilizes your e-mail client to harvest e-mail > addresses in order to propagate itself. > > The IIS Virus Alert team is currently working with our anti-virus software > providers to ensure that we have protection against this threat. In the > interim, should you receive a message like the one described above, please > delete it without opening the attachment and then notify Virus Alert via > e-mail immediately. > > You may refer to the attached file for more specific information. Should > you have any questions or concerns regarding this issue, please let us > know. > > Thank you in advance for your assistance. > > IIS Virus Alert Team > > <<worm_explore_zip.html>>