The past few days have seen reports of a "virus" which is generally being referred to as "Explore." Explore is real, and is quite dangerous. Hopefully the recent Melissa scare will have made people more aware and alert. It is not yet known how widespread the virus is.
Explore uses a reproductive strategy similar to Melissa's: it exploits trust in people with whom one regularly corresponds. The easiest way to describe the worm is to outline the similarities and differences with Melissa.

Melissa used Microsoft Outlook to spread itself, but was a Microsoft Word macro virus, and used the functions of Word for both infection and payload. Explore is not a virus, in that it does not infect another object. It is technically more like the Internet Worm of 1988 in that it sends itself as a single object.

Explore uses Outlook to spread itself. Whereas Melissa read the address book, Explore parses the Outlook Inbox, and "replies" to all messages. Part of what this means is that Explore messages appear to be replies to messages that you have sent.

Like Melissa, Explore arrives as an attachment. Again, we reiterate: DO NOT RUN ANY ATTACHMENTS IF YOU DO NOT KNOW WHAT THEY ARE!

Explore is a regular executable program, and does not require Word for any functions. Unlike Melissa, it will install itself on the computer in such a manner that it starts at boot time, and will continue to run in the background, replying to all new mail. As an executable file, Explore will not run on Macs or other non-Wintel machines.

The subject of "infected" messages will appear to be a reply to a prior message. The text of "infected" messages reads:

==================================================
Hi [Recipient Name]!

If the executable file is run, it may generate a false alert message stating that the file is corrupted. This appears to be an attempt to persuade people that the program has not actually run.

The major point about Explore, however, is that it carries a damaging payload. It truncates to zero length (empties the contents of) files with extension .c (C language source code), .h (C "header" libraries), .asm (assembler source), .doc (Word document), .xls (Excel), and .ppt (PowerPoint).
Thus, the payload targets software developers using the C language, and office work by people using Microsoft's Office suite. Loss of these files can be much more damaging than loss of system or program files.
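Because the payload described above leaves files in place but empties them, a damage sweep can look for clusters of zero-length files with the listed extensions. The following is an added example, not part of the original article; the function names and thresholds are assumptions, and the sample directory tree is constructed.

```python
import os
import tempfile
from collections import defaultdict

# Extensions the article lists as emptied by the payload.
TARGET_EXTS = {".c", ".h", ".asm", ".doc", ".xls", ".ppt"}

def scan_truncated(root):
    """Map each directory to (sorted zero-length targeted files, count of targeted files)."""
    stats = defaultdict(lambda: [[], 0])
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() not in TARGET_EXTS:
                continue
            path = os.path.join(dirpath, name)
            try:
                size = os.lstat(path).st_size
            except OSError:
                continue  # unreadable or vanished file: skip, do not abort the sweep
            stats[dirpath][1] += 1
            if size == 0:
                stats[dirpath][0].append(path)
    return {d: (sorted(e), n) for d, (e, n) in stats.items()}

def suspicious_dirs(stats, min_empty=3, min_ratio=0.5):
    """Directories where empty targeted files are both numerous and a large share.
    Thresholds are assumptions: a lone empty .h file is often legitimate."""
    return sorted(d for d, (empty, n) in stats.items()
                  if len(empty) >= min_empty and len(empty) / n >= min_ratio)

def build_sample_tree(root):
    """Constructed sample data: one emptied project directory, one healthy one."""
    layout = {
        "projects": {"main.c": b"", "util.h": b"", "REPORT.DOC": b"",
                     "boot.asm": b"mov ax, 1\n", "notes.txt": b""},
        "archive": {"old.c": b"int main(void){return 0;}\n", "stub.h": b""},
    }
    for sub, files in layout.items():
        os.makedirs(os.path.join(root, sub))
        for name, data in files.items():
            with open(os.path.join(root, sub, name), "wb") as fh:
                fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        found = scan_truncated(tmp)
        for d in suspicious_dirs(found):
            print(d, "->", len(found[d][0]), "of", found[d][1], "targeted files are empty")
```

Files flagged this way are candidates for restoration from backup; the sweep only reports and does not modify anything.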
The copyright of the article *EARLY EDITION* Computer Security Weekly, June 14, 1999 in Computer Security is owned by . Permission to republish *EARLY EDITION* Computer Security Weekly, June 14, 1999 in print or online must be granted by the author in writing.