RootsWeb.com Mailing Lists
    1. [ILROCKIS-L] WARNING - New Malicious Worm Destroying Files
    2. Gloria Frazier
    3. DO NOT OPEN ZIPPED FILE ATTACHMENTS. YOU MAY KNOW THE SENDER. THE SENDER MAY NOT KNOW THEY ARE SENDING YOU THE WORM. IF A SENDER HAS OPENED THE ZIPPED FILES WITH THE WORM, THEN THE WORM IS IN THEIR COMPUTER AND THE WORM WILL AUTOMATICALLY SEND EMAIL FROM THAT MACHINE TO ALL LISTED IN THE VICTIM'S EMAIL INBOX.

       (I don't know about a fix. I just received these msgs.)

       The email msg which is being sent from infected computers looks something like this:

       Hi <Recipient Name>! I received your email and I shall send you a reply ASAP. Till then, take a look at the attached zipped docs.
       Bye

       (This salutation message changes and may be "Bye", "Sincerely" and "All")

       ********

       Technical stuff for the worm below:

       TROJ_EXPLOREZIP Is Back with a Twist

       A variant of the autospam TROJ_EXPLOREZIP worm, TROJ_EXPZIPWMPAK, is spreading quickly and damaging files

       There is a newly discovered variant of the Trojan ExploreZip worm that was originally discovered in June, 1999. This variant, TROJ_EXPZIPWMPAK, is identical to the original ExploreZip worm in that it is auto-spamming malicious code that destroys data on the infected system. The only significant difference between this variant of the worm and the original is that TROJ_EXPZIPWMPAK is compressed with a different type of compression format, thereby evading protection for the previous worm.

       TROJ_EXPZIPWMPAK attacks Windows 95, 98, and NT systems and has been detected at several Fortune 500 customer sites in the United States.

       TROJ_EXPZIPWMPAK emails itself out as an attachment under the filename "zipped_files.exe". The subject line of the email varies. The body of the email message may also contain the following text:

       Hi <Recipient Name>! I received your email and I shall send you a reply ASAP. Till then, take a look at the attached zipped docs.
       Bye

       (This salutation message changes and may be "Bye", "Sincerely" and "All")

       After a user clicks on the attachment, this destructive trojan searches hard drives C: through Z:, selecting the Microsoft Word, Excel and PowerPoint files as well as source code files used by programmers, including C++, C, and Assembler source files, and reduces their file size to zero, making the data unrecoverable.

       When executed, TROJ_EXPZIPWMPAK utilizes MAPI-enabled email systems to automatically reply to any subsequently received email messages. The email reply will include the infected attachment with the message shown above. It will use the subject line of the received email when it replies.

       "TROJ_EXPLOREZIP caused millions of dollars of damage worldwide the first time. Since it overwrites files, instead of just deleting them, it's particularly damaging.

    12/01/1999 09:45:14
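
A mail-filter check built from the two indicators quoted in the message above (the attachment filename and the body phrase), as an added example that is not part of the original post or the advisory. The function names and the sample messages are constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Indicators quoted in the advisory text on this page.
WORM_ATTACHMENT = "zipped_files.exe"
WORM_BODY_PHRASE = "take a look at the attached zipped docs"


def check_message(raw: bytes) -> list:
    """Return the indicators a raw RFC 822 message matches.

    The subject is not checked: per the advisory it varies, because the
    worm reuses the subject of the mail it replies to.
    """
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    # Filename comparison is case-insensitive; Windows treats the names alike.
    names = [p.get_filename() for p in msg.walk() if p.get_filename()]
    if any(n.strip().lower() == WORM_ATTACHMENT for n in names):
        findings.append("attachment-name")
    body = msg.get_body(preferencelist=("plain",))
    if body is not None:
        # Collapse whitespace so a phrase wrapped across lines still matches.
        text = " ".join(body.get_content().lower().split())
        if WORM_BODY_PHRASE in text:
            findings.append("body-phrase")
    return findings


def build_sample(filename: str, body: str) -> bytes:
    """Build a constructed test message; the attachment is placeholder bytes."""
    msg = EmailMessage()
    msg["Subject"] = "Re: constructed subject"
    msg.set_content(body)
    msg.add_attachment(b"constructed placeholder", maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()


# Constructed samples, not captured traffic.
SAMPLE_WORM = build_sample(
    "zipped_files.exe",
    "Hi Pat!\nI received your email and I shall send you a reply ASAP.\n"
    "Till then, take a look at the\nattached zipped docs.\nBye\n")
SAMPLE_RENAMED_CASE = build_sample("ZIPPED_FILES.EXE", "See attachment.\n")
SAMPLE_BENIGN = build_sample("family_tree.zip", "Here is the file.\n")

if __name__ == "__main__":
    for raw in (SAMPLE_WORM, SAMPLE_RENAMED_CASE, SAMPLE_BENIGN):
        print(check_message(raw))
```
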