ExploreZip worm cleans out Microsoft Office files


Just a few months after the Melissa virus attacked computers, wreaking an estimated $80 million in damage, the ExploreZip worm began zipping through computers across the globe, destroying any Microsoft Office files in its path.

First detected in June 1999, ExploreZip arrived—like Melissa—in the form of an attachment from a sender “known” to the recipient. The message would often look like a reply to a recent message, and it included convincing, personalized text:

“Hi <sender name>! I received your email and will send you a reply ASAP. Till then, take a look at the attached zipped DOCs. Bye.”

The attachment was not zipped docs but rather an insidious compressed executable. First, ExploreZip would march its way through the user’s Outlook account to replicate itself. Then, the worm attacked files ending in .c, .cpp, .h, .asm, .doc, .xls, or .ppt, reducing them to zero bytes. This process would repeat every 30 minutes.

ExploreZip worm takes advantage of the unprepared

Despite the lessons supposedly learned from Melissa, entities the world over were caught off guard, with an estimated 150,000 computers hit by ExploreZip in June 1999. ExploreZip damage was reported in the U.S., Europe and Asia, with GE, the BBC, and Microsoft among those it affected. Both GE and Microsoft reportedly took their corporate email systems offline to stop the spread.

A quickly deployed patch stopped ExploreZip in its tracks—at least for a while. “Mutant” versions of the worm were reported in December 1999 (MiniZip) and January 2003 ([email protected], ExploreZip.M or ExploreZip.E).
