WEBINAR: Live Event Date: September 20, 2017 @ 1:00 p.m. ET / 10:00 a.m. PT
Designing a Proactive Approach to Information Security with Cyber Threat Hunting REGISTER >
ExploreZip, an Internet worm first let loose in the wild back in 1999, has reemerged with just enough changes made to allow it to slip through anti-virus software undetected. And it has the added ability to override files on the infected computer, as well as on any other computer in the same network.
And while anti-virus companies were fighting ExploreZip, they were hit with a mass-mailing worm that pays tribute to Canadian singer Avril Lavigne while freezing up infected machines. The worm is going under a few different names, including Avril and Lirva (which is Avril spelled backwards).
F-Secure Corp. has rated both viruses as Level 2 Threats, the second-highest threat category.
ExploreZip, explains Hypponen, is an anomaly in that it's such an old virus -- three-and-a-half years is ancient in the virus world. And, like it's former self, it's cleverly written.
Once ExploreZip infects a computer, it will automatically respond to any email received with a seemingly valid subject line and the user's name, along with an infected attachment.
Once it's in a computer, it will override several different types of files on that computer and any other computer on the same network. Hypponen says its destructiveness elevated it to a Level 2 ranking.
The Lirva worm got a Level 2 rating because of the speed with which it's spreading around the world. It originated, reportedly, in middle Europe and has spread to Turkey, the United States and Southeast Asia in less than 48 hours.
This virus is less destructive than ExploreZip. Once Lirva infects a computer, it opens the computer's Internet Explorer browser to official Avril Lavigne Web site on the 7th, 11th and 24th of the month. It then starts to display colored circles on the screen, freezing the computer.
Three Level 2 alerts were issued on the same day in October 2001.