October 22, 1999
Web posted at: 4:55 p.m. EDT (2055 GMT)

By D. Ian Hopper
CNN Interactive Technology Edito

The worm that infected computers at the Marine Corps headquarters at the Pentagon early Friday was ExploreZip, an especially malicious virus that typically travels by e-mail, according to a Marine Corps spokesman.

Symantec Corporation told CNN that Marine personnel called a technical support line at Symantec to report the outbreak.

The outbreak affected unclassified documents, and did not impact any command or control capability, Maj. Dave Lapan said. The outbreak was attributed to a user opening an infected file attachment.

"Basically it was an inconvenience to the users who were affected. It just illustrates the hazards of opening files from unknown sources," Lapan said.

The Marine Corps has since restored all lost files from backups.

The ExploreZip worm replicates itself by mailing itself out to unread messages in Microsoft Outlook, Outlook Express and Exchange. It also searches mapped network drives and other networked computers for installations of Windows. Once found, it copies itself into the Windows directory of the remote machine, according to the Symantec AntiVirus Research Center.

The program then destroys a host of files based on file extension, specifically targeting C language code files, Microsoft Word, Excel and PowerPoint files, among others. Rather than simply deleting files - which could then be undeleted - the worm resets the file size to zero bytes, making them much more difficult to recover.

	MESSAGE BOARD
Computer viruses

In June, an ExploreZip outbreak infected computers at many large businesses, including AT&T, Microsoft, Boeing and General Electric.

The worm was first discovered in Israel, and was submitted to Symantec in June. It can be removed using popular anti-virus programs with updated virus definition files