Another E-Mail Virus

Experts scrambled to warn thousands of computer users that a familiar and damaging virus has struck scores of companies and could be slumbering in their e-mail inboxes.

This one - not detected by most virus-checkers - looks like a friendly reply to one of your e-mails, reports CBS News Correspondent Dan Raviv.

The Mini-Zip virus tore through computers on Tuesday, devouring files and crippling e-mail systems, anti-virus analysts said. And Dana Blankenhorn, editor of warns it's expected to renew its assault Wednesday as unsuspecting users log on.

"You have to be very careful this morning," he told CBS Radio News, and he advises "deleting anything [received in e-mail] that's unfamiliar to you."

Dan Schrader, vice president of new technology at Trend Micro in Cupertino, Calif., said he fielded complaints of significant problems from four Fortune 500 companies and scores of smaller companies.

Sal Viveros, a marketing manager for Santa Clara-based Network Associates, which makes anti-virus software, said 20 large corporations had been affected by Tuesday evening.

The experts refused to release the names of affected companies.

Mini-Zip's parent bug, Worm.Explore.Zip, struck last summer. It was considered the most destructive virus since the Melissa outbreak in the spring.

"The last time this virus came along it affected tens of thousands - maybe hundreds of thousands of computers - and caused millions of dollars in damage," Schrader said. "It's malicious and fast-spreading. We consider this to be high-risk."

Dana Blankenhorn

"What's new about this virus is how it masquerades as something you yourself sent," said Blankenhorn.

It wasn't clear whether the problem had been reported to the government-chartered CERT Coordination Center - formerly the Computer Emergency Response Team - at Carnegie Mellon University in Pittsburgh. There were no warnings on its Web site early today.

Anti-virus experts said the bug gets loose from an infected system as a seemingly friendly reply to a clean e-mail sent via the Microsoft Outlook, Outlook Express or Exchange browsers.

The virus intercepts the original message and automatically sends itself as a response - even changing the subject line from, for example, "Work Meeting" to "Re: Work Meeting."

The body of the message reads: "Hi (recipient's name)! I received your e-mail and I shall send you an e-mail ASAP. Till then, take a look at he attached zipped docs. bye."

The e-mail contains an attachment called "zipped-files.exe." If a user double-clicks on the attachment, the virus is set loose in the new victim's system.

It then destroys a series of files in a computer's hard drive by replacing them with empty files.

Anti-virus experts cautioned users against opening e-mails if they do not know the sender or why they were sent. They said the virus could be fought with updated anti-virus software.

By Molly Wood
©1999 The Associated Press. All Rights Reserved. This material may not be published, broadcast, rewritten, or redistributed