SINGAPORE--The Symantec Antivirus Research Center (SARC) today discovered a new variant of Melissa, called W97M.Melissa.AA, which is believed to be spreading quickly.
The virus--a modified variant of W97M.Melissa.A--spreads when a user clicks on a malicious file attached to an email message. It modifies the victim's computer system to send more copies of itself by email automatically.
A new malicious payload will delete some text from active Microsoft Word documents and attempt to use Microsoft Outlook to email a copy of the infected file to as many as 100 email addresses.
Other key differences from the original W97M.Melissa.A virus are the virus module name and the email subject and message. The virus module is now named "x". The subject line is now "Duhalde Presidente USERNAME" (where USERNAME is taken from the Microsoft Word setting) and the email message is "Programa de gobierno 1999 - 2004".
A US firm and a Swiss company have been affected by W97M.Melissa.AA, SARC reported.
Separately, another self-replicating email virus has hit a handful of Wall Street firms, including Bear Stearns and Banc of America Securities.
Sources from the two firms said they were hit by a version of the Worm.ExploreZip virus about an hour before the market closed yesterday. Banc of America Securities was forced to shut down all employees' computers when the stock market closed.
It is believed that CS First Boston was also affected. It is not known whether the outbreak was limited to the investment banking community.
The virus was discovered last Thursday. Called Worm.ExploreZip(pack), it is a variant of Worm.ExploreZip, which was discovered in Israel this June. The only difference is that Worm.ExploreZip(pack) has been compressed, making the file about 40 percent smaller.
Its behavior is identical to Worm.ExploreZip. The worm emails itself out as an attachment with the filename zipped_files.exe. When executed, its destructive payload destroys any file with a filename extension of h, c, cpp, asm, doc, ppt, or xls.
The email, which appears to come from a known email correspondent, contains the following line: "I received your email and I shall send you a reply ASAP. Till then, take a look at the attached zipped docs".
Norton AntiVirus users can protect themselves from these viruses by downloading the current virus definitions either through LiveUpdate or from the Download Virus Definition Updates page.
Previous definitions for the original Worm.ExploreZip will not detect this packed version.
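An added example (not from SARC or Symantec): a mail-gateway triage check in Python that matches the message-level traits quoted above. Because it looks at the subject, body line and attachment name rather than the attachment bytes, it flags the packed ExploreZip variant the same way as the original. The rule names and the `sample_message` helper are hypothetical, and the sample messages are constructed.

```python
import re
from email import message_from_string
from email.message import EmailMessage

# Indicators quoted in the article; matching either one flags the mail for review.
MELISSA_SUBJECT = re.compile(r"^\s*Duhalde Presidente\b", re.I)
MELISSA_BODY = "programa de gobierno 1999 - 2004"
EXPLOREZIP_ATTACHMENT = "zipped_files.exe"
EXPLOREZIP_BODY = "take a look at the attached zipped docs"

def squash(text):
    """Lower-case and collapse whitespace so line wrapping cannot split a phrase."""
    return " ".join(text.lower().split())

def classify(raw_message):
    """Return the sorted rule names that a raw RFC 822 message matches."""
    msg = message_from_string(raw_message)
    bodies, filenames = [], []
    for part in msg.walk():
        name = part.get_filename()
        if name:
            filenames.append(name.strip().lower())
        elif part.get_content_type() == "text/plain":
            payload = part.get_payload(decode=True) or b""
            bodies.append(payload.decode("latin-1"))
    body = squash(" ".join(bodies))
    hits = set()
    if MELISSA_SUBJECT.search(msg.get("Subject", "")) or MELISSA_BODY in body:
        hits.add("W97M.Melissa.AA")
    if EXPLOREZIP_ATTACHMENT in filenames or EXPLOREZIP_BODY in body:
        hits.add("Worm.ExploreZip")
    return sorted(hits)

def sample_message(subject, body, attachment=None):
    """Build a constructed test message; the attachment is placeholder bytes."""
    m = EmailMessage()
    m["Subject"] = subject
    m.set_content(body)
    if attachment:
        m.add_attachment(b"placeholder", maintype="application",
                         subtype="octet-stream", filename=attachment)
    return m.as_string()

if __name__ == "__main__":
    worm = sample_message("Re: status", "I received your email and I shall send "
                          "you a reply ASAP.\nTill then, take a look at the "
                          "attached zipped docs", "Zipped_Files.EXE")
    print(classify(worm))
```

A match here is a reason to quarantine and scan with current definitions, not a verdict on its own.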