-Caveat Lector- FBI Investigates PC E-Mail Virus Macintosh, Unix Systems Seem Safe By BRUCE MEYERSON .c The Associated Press NEW YORK (June 11) - The FBI on Friday tried to trace the source of a file-destroying software bug that has hit tens of thousands of computers, while software companies posted new virus-killing programs on their Web sites. The Worm.Explore.Zip bug disguises itself as a friendly piece of e-mail, similar to the recent Melissa virus, which infected hundreds of thousands of machines. However, there were signs Friday that it may not be spreading as fast as Melissa. Computer security experts were still trying to assess the outbreak, which even infiltrated computer systems at technology leaders such as Compaq Computer and Motorola, as well as major companies including AT&T, Boeing and General Electric. First detected early this week, Worm.Explore.Zip fools people by masquerading as a message from a friend or acquaintance. It contains an attached file that, when opened, unleashes a malicious program that can wipe out the contents of documents, spreadsheets, graphic presentations and other important files created by Microsoft programs. But thanks to the run-ins with the Melissa and Chernobyl viruses earlier this spring, computer systems managers reacted more quickly when word of Worm.Explore.Zip began to spread. ``We continue to get direct reports, but they're not increasing at the rate it might have, so we're encouraged by that,'' said Mark Zajicek, a member of the Computer Emergency Response Team at the Software Engineering Institute at Carnegie Mellon University in Pittsburgh. Zajicek warned, however, that computer users still need to be cautious about any e-mail with an attachment. ``It's too early to tell how far it's already spread and difficult to tell how far it will spread in the coming days and weeks,'' he said. The FBI issued a warning on its Web site. ``Users should exercise caution when reading their e-mail for the next few days and bring unusual messages to the attention of their system administrator,'' said Michael A. Vatis, director of the FBI's National Infrastructure Protection Center. ``The transmission of a virus can be a criminal matter, and the FBI is investigating.'' Worm.Explore.Zip is the third major bug to sweep across the Internet since late March, when the Melissa virus overwhelmed systems with floods of e-mail. A more damaging virus named Chernobyl struck in late April, but did most of its harm overseas. The new bug is only known to attack computers using Microsoft operating systems Windows 95, Windows 98, and Windows NT. Rival operating systems such as Macintosh and Unix apparently are not vulnerable. The bug also contaminates a computer's e-mail program and sends a copy of itself as a reply to any incoming e-mail. That aspect of the Worm.Explore.Zip makes the bug particularly threatening for companies with large computer networks where workers regularly zip e-mails back and forth. ``Once the virus has started within an organization, it embeds itself into the system,'' said Jan Kaminski, president of FastLane Technologies, a maker of computer network software in Halifax, Nova Scotia. ``There's nothing you can do until you actually remove some files from the machine.'' Software companies said the bug was first detected in Israel earlier this week and has reached at least 12 countries. Early warnings helped AT&T, Compaq and GE contain the damage Thursday when their computer systems were infected, while Microsoft said it shut down its corporate e-mail system for two hours as a precaution. At Boeing, the company shut down an e-mail system that links 160,000 computers. ``We're hopeful we got things shut down fast enough so it will minimize the loss of any documents,'' said spokesman Dave Suffia. At Lucent Technologies, which makes telecommunications equipment, strange messages began appearing on computers on Thursday morning, said spokesman John Skalko, who inadvertently activated Worm.Explore.Zip on his computer. ``That was enough. I lost all my (Microsoft Word) files,'' said Skalko, estimating that 150 documents were destroyed. At least 20 to 30 other computers were stricken by the virus before Lucent technicians shut down the e-mail system and inoculated it. ``I think we nipped it in the bud,'' said Skalko. Worm.Explore.Zip arrives with a friendly message: ``Hi (Recipient Name)! I received your e-mail and I shall send you a reply ASAP. Till then, take a look at the attached zipped docs.'' The message is harmless unless a person opens the ``zipped docs,'' a term referring to a compressed file sent with the e-mail. By opening that file, a person unknowingly activates the bug. Because of the way it works, Worm.Explore.Zip actually does not fit the technical definition of a computer virus. AP-NY-06-11-99 1624EDT **COPYRIGHT NOTICE** In accordance with Title 17 U. S. C. Section 107, any copyrighted work in this message is distributed under fair use without profit or payment to those who have expressed a prior interest in receiving the included information for nonprofit research and educational purposes only.[Ref. http://www.law.cornell.edu/uscode/17/107.shtml ] DECLARATION & DISCLAIMER ========== CTRL is a discussion and informational exchange list. Proselyzting propagandic screeds are not allowed. Substance—not soapboxing! These are sordid matters and 'conspiracy theory', with its many half-truths, misdirections and outright frauds is used politically by different groups with major and minor effects spread throughout the spectrum of time and thought. That being said, CTRL gives no endorsement to the validity of posts, and always suggests to readers; be wary of what you read. CTRL gives no credeence to Holocaust denial and nazi's need not apply. Let us please be civil and as always, Caveat Lector. ======================================================================== Archives Available at: http://home.ease.lsoft.com/archives/CTRL.html http:[EMAIL PROTECTED]/ ======================================================================== To subscribe to Conspiracy Theory Research List[CTRL] send email: SUBSCRIBE CTRL [to:] [EMAIL PROTECTED] To UNsubscribe to Conspiracy Theory Research List[CTRL] send email: SIGNOFF CTRL [to:] [EMAIL PROTECTED] Om
