Posted on 30-1-2002
WORM_MYPARTY.A
A new mass mailer worm has been reported to be on the rise.
As yet the main
cases have been in the UK and USA, however it seems to be spreading.
It
arrives in an email with the subject line: "new photos from
my party!" and
with the attachment "www.myparty.yahoo.com".
It has a built-in SMTP engine, which it uses to send itself
via email to
all addresses listed in the infected user's Windows Address
Book (WAB)and
Outlook Express Database (DBX) files.
Whilst not majorly destructive it is highly annoying and should
be
protected against. Even if you have virus protection software
you must
remember to update it regularly, as new viruses are being found
on an
almost daily basis. Common anti-virus programmes are McAfee.com
and Nortons
(symantec.com)
In addition, the worm sends a message to the author so that
the author can
track the worm. On NT/2000/XP systems, the worm drops a backdoor
Trojan
that allows a hacker to control your system. NAV will detect
this as
Backdoor.Myparty.
Finally, if the file name of the worm is Access.<any extension>,
it may
launch your Web browser to http:/ /www.disney.com.
However, the worm does
not contain code which can generate a file with the name Access.<any
extension>, so it is highly unlikely that this will trigger.
Also Known As: W32/Myparty@MM, WORM_MYPARTY.A, W32/MyParty-A,
Win32.MyParty, I-Worm.Myparty
Type: Trojan Horse, Worm
Infection Length: 29,696 bytes
Virus Definitions: January 28, 2002
|