ExploreZip Worm Turns Again

Unlike Dr. Evil's Mini-Me clone, the encore appearance of the destructive email worm was probably set off accidentally. By Chris Oakes.

The recent reappearance of MiniZip, an ExploreZip mutant, might have been someone's innocent boo-boo. That's how one expert assessed the unusual reappearance of the dangerous, file-destroying computer worm.

"My bet is that somebody made this by accident," said Mikko Hypponen, manager of anti-virus research for anti-virus software firm Data Fellows. "They [unwittingly] generated a mutant version."

Since virus-writers rarely attempt to re-propagate the same virus code, Hypponen suspects an innocent mistake. He guesses that a user unwittingly compressed the virus using a relatively rare compression format, and that anti-virus software failed to detect it in that form. Once uncompressed by a recipient, the virus was able to set off the same email-based proliferation process that spread ExploreZip.

Data Fellows and other anti-virus software companies were alerted Wednesday to the encore appearance of ExploreZip, an email-propelled computer virus that wreaked havoc on an estimated 150,000 computers worldwide in June.

MiniZip, a so-called Trojan horse virus, affects Windows 95, 98, and NT computers and arrives as an email that appears to come from a friend. The recipient is invited to open an attached file. If opened, the attachment destroys selected files on the user's disk.

The June outbreak cost company networks hundreds of millions of dollars in damage to thousands of computers around the world.

ExploreZip has long since been conquered by protective software and network administrators. But the software utility's unfamiliar compression scheme effectively provided ExploreZip with a new disguise.

"[They would have] actually generated a mutant new version of the virus, which is now going around the world," Hypponen said.

Software viruses are a lot like biological viruses, he explained, in that they are able to affect immune systems that are already on the defensive for a strain of flu they've encountered in the past.

As the original virus did the first time, the MiniZip Trojan horse was free to "spam" itself all over the Internet via email.

Anti-virus firms quickly upgraded programs to combat the bug on Wednesday. But the worm had already been detected at several Fortune 500 customer sites in the United States, anti-virus software companies report. Hypponen estimates 10,000 PCs were affected worldwide, in comparison to 150,000 the first go-round.

"It is in the wild, it's growing," said Keith Peer, president of Central Command, an Ohio anti-virus consultant. "We are getting infection reports as we speak ... one to five calls per hour."

"We haven't really heard of too much damage, because people have been proactively sending us the sample rather than allowing it to spread," said Narender Mangalam, director of security strategy for Computer Associates International. The company received calls from at least two Fortune 500 companies, and more than 20 smaller firms, he said. Earlier mega-viruses have made companies increasingly sensitive to these security breaches, he said.

Network Associates, a computer security firm, said it heard from 10 major companies in the high-tech and entertainment businesses that were hit by the resurgent email-propagated code.

Experts cautioned computer users to avoid opening unsolicited email attachments and also to run anti-virus software that has been updated to knock out the new infection.

Reuters contributed to this report.