Posted on 30-1-2002

WORM_MYPARTY.A

A new mass mailer worm has been reported to be on the rise. As yet the main
cases have been in the UK and USA, however it seems to be spreading. It
arrives in an email with the subject line: "new photos from my party!" and
with the attachment "www.myparty.yahoo.com".

It has a built-in SMTP engine, which it uses to send itself via email to
all addresses listed in the infected user's Windows Address Book (WAB)and
Outlook Express Database (DBX) files.

Whilst not majorly destructive it is highly annoying and should be
protected against. Even if you have virus protection software you must
remember to update it regularly, as new viruses are being found on an
almost daily basis. Common anti-virus programmes are McAfee.com and Nortons
(symantec.com)

In addition, the worm sends a message to the author so that the author can
track the worm. On NT/2000/XP systems, the worm drops a backdoor Trojan
that allows a hacker to control your system. NAV will detect this as
Backdoor.Myparty.

Finally, if the file name of the worm is Access.<any extension>, it may
launch your Web browser to http:/ /www.disney.com. However, the worm does
not contain code which can generate a file with the name Access.<any
extension>, so it is highly unlikely that this will trigger.

Also Known As: W32/Myparty@MM, WORM_MYPARTY.A, W32/MyParty-A,
Win32.MyParty, I-Worm.Myparty

Type: Trojan Horse, Worm

Infection Length: 29,696 bytes

Virus Definitions: January 28, 2002