Top 10 malware reported to Sophos in February 2002
This section describes how W32/MyParty-A behaves.
W32/MyParty-A is a Windows 32 email-aware worm which arrives as an email
with the following characteristics:
Subject: new photos from my party!
Message text:
Hello!
My party... It was absolutely amazing!
I have attached my web page with new photos!
If you can please make color prints of my photos. Thanks!
Attached filename: www.myparty.yahoo.com
Some people may be fooled into believing the attached file is a link to a
website.
If the attached file is executed between 25 January 2002 and 29 January 2002
(inclusive) the worm sends a copy of itself to everybody in the Windows
Address Book (except the current user) using a built-in SMTP engine.
It gets the SMTP server information from the following registry key:
HKCU\Software\Microsoft\Internet Account Manager\Accounts\00000001.
Please note that W32/MyParty-A does not
make any changes to the registry or any INI files. Furthermore, it does not
attempt to run itself when the computer is restarted.
The worm also sends an email to napster@gala.net, a free email account based
in Russia, to track its spread.
In addition, on Windows NT/2000/XP the worm drops a copy of the Trojan Troj/Msstake-A
in the user's startup directory. The Trojan is contained in a file named
msstask.exe.
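
A mail-gateway check for the disguise described above, as an added example that is not Sophos code: it matches the subject and attachment name given in this description, and generalizes to any attachment whose name is shaped like a web address but ends in the executable .com extension. The function names classify and build_sample and the sample messages are constructed for illustration.

```python
import re
from email.message import EmailMessage

# Indicators taken from the description above.
MYPARTY_SUBJECT = "new photos from my party!"
MYPARTY_ATTACHMENT = "www.myparty.yahoo.com"

# A name with three or more dot-separated labels ending in ".com" reads like a
# web address, but Windows treats the .com extension as an executable program.
URL_SHAPED_COM = re.compile(r"^(?:[a-z0-9-]+\.){2,}com$")


def classify(msg):
    """Return (reason, filename) pairs for suspicious attachments in msg."""
    findings = []
    subject = (msg.get("Subject") or "").strip().lower()
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue
        lowered = name.strip().lower()
        if lowered == MYPARTY_ATTACHMENT and subject == MYPARTY_SUBJECT:
            findings.append(("myparty-indicators", name))
        elif URL_SHAPED_COM.match(lowered):
            findings.append(("executable-disguised-as-url", name))
    return findings


def build_sample(subject, filename):
    """Constructed test message; the attachment body is a harmless placeholder."""
    msg = EmailMessage()
    msg["Subject"] = subject
    msg.set_content("Hello!")
    msg.add_attachment(b"placeholder", maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg


if __name__ == "__main__":
    samples = [
        (MYPARTY_SUBJECT, MYPARTY_ATTACHMENT),
        ("holiday", "www.pictures.example.com"),
        ("report", "report.pdf"),
    ]
    for subject, filename in samples:
        print(filename, classify(build_sample(subject, filename)))
```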