ExploreZip, an Internet worm first let loose in the wild back in 1999, has reemerged with just enough changes made to allow it to slip through anti-virus software undetected. And it has the added ability to override files on the infected computer, as well as on any other computer in the same network.
And while anti-virus companies were fighting ExploreZip, they were hit with a mass-mailing worm that pays tribute to Canadian singer Avril Lavigne while freezing up infected machines. The worm is going under a few different names, including Avril and Lirva (which is Avril spelled backwards).
F-Secure Corp. has rated both viruses as Level 2 Threats, the second-highest threat category.https://o1.qnsr.com/log/p.gif?;n=203;c=204650394;s=9477;x=7936;f=201801171506010;u=j;z=TIMESTAMP;a=20392931;e=i "It's a big fuss when we have to try to fight two fires at the same time," says Mikko Hypponen, manager of anti-virus research in F-Secure Corp.'s Finland office. "Regarding virus outbreaks, 2002 was a calm year. We haven't had a fight like this in a while. It's early in January and we're looking at our third Level 2 alert of the year. In comparison, in all of last year we had 27 Level 2 alerts for the whole year."
ExploreZip, explains Hypponen, is an anomaly in that it's such an old virus -- three-and-a-half years is ancient in the virus world. And, like it's former self, it's cleverly written.
Once ExploreZip infects a computer, it will automatically respond to any email received with a seemingly valid subject line and the user's name, along with an infected attachment.
Once it's in a computer, it will override several different types of files on that computer and any other computer on the same network. Hypponen says its destructiveness elevated it to a Level 2 ranking.
The Lirva worm got a Level 2 rating because of the speed with which it's spreading around the world. It originated, reportedly, in middle Europe and has spread to Turkey, the United States and Southeast Asia in less than 48 hours.
This virus is less destructive than ExploreZip. Once Lirva infects a computer, it opens the computer's Internet Explorer browser to official Avril Lavigne Web site on the 7th, 11th and 24th of the month. It then starts to display colored circles on the screen, freezing the computer.
Three Level 2 alerts were issued on the same day in October 2001.