Investment banking firms fall victim to virus

A handful of Wall Street firms are hit by a self-replicating email virus, forcing at least one company to ask employees to shut down their computers.

Evan Hansen Staff Writer, CNET News.com
Department Editor Evan Hansen runs the Media section at CNET News.com. Before joining CNET he reported on business, technology and the law at American Lawyer Media.
Evan Hansen
2 min read
A handful of Wall Street firms were hit by a self-replicating email virus today, forcing at least one company--Banc of America Securities in San Francisco--to ask employees to shut down their computers after the stock market closed.

Sources at Bear Stearns and Banc of America Securities said their firms were hit by a version of the Worm.ExploreZip virus about an hour before the market closed. One source said CS First Boston also was affected. It was unclear if the outbreak was widespread or whether it was limited to the investment banking community.

An executive from antivirus software maker Network Associates said the virus has affected 15 of its customers, including high-tech firms. An executive at rival Symantec, too, said three corporations reported problems. Both declined to identify the companies.

At Banc of America Securities, word of the virus initially came over the "squawk box" from the trading floor, according to one source at the company.

"The guy [on the squawk box] was going crazy," the source said. "If the system shut down before the market closed, it could have cost millions."

There was no evidence that any trades went uncompleted because of the virus, which appeared to be limited to back-office functions such as check payments.

The virus--which first emerged in June--spreads from user to user by taking advantage of automation features available to users of Microsoft email software on Windows machines.

Like the notorious Melissa virus, the Worm.ExploreZip virus spreads when a user clicks on a malicious file attached to an email message. It modifies the victim's computer system to send more copies of itself automatically by email.

But although the Melissa virus was relatively benign to users, Worm.ExploreZip deletes Microsoft Word, Excel and PowerPoint documents.

Symantec believes the companies were hit by a new version of Worm.ExploreZip that appeared late last week. The only difference was that the virus arrived as a compressed file, so existing virus scanners could not catch it, said Vincent Weafer, director of Symantec's AntiVirus Resource Center.

"It then uncompresses itself and does the same as what it did before," he explained.

Symantec said it is updating its antivirus software to recognize and eliminate the virus. Network Associates' McAfee.com has already updated its software to remove the virus. Both companies profit from treating the viruses.

When the original Worm.ExploreZip virus spread in June, it forced companies nationwide to shut down their email systems.