Just an advance warning. It appears this is VERY new (like, the first
warnings ever have gone out within the past day - probably even the last 6
hours). Well, the first warning in Australia went out about five minutes
ago - so maybe the rest of the world has been ravaged by this already (I
wanna be here when the bomb drops - we may never find out about it).
Title
=====
Malicious Software Report - W32/Myparty@MM
Detail
======
This mass-mailing worm arrives in an email message containing the
following information:
Subject: new photos from my party!
Body: Hello!
My party... It was absolutely amazing!
I have attached my web page with new photos!
If you can please make color prints of my photos. Thanks!
Attachment: www.myparty.yahoo.com (29,696 byte PE file)
Running the attachment infects the local machine. The virus copies itself
to C:\Recycled\regctrl.exe and executes that file. The users default SMTP
server is retrieved from the registry.
HKEY_CURRENT_USER\Software\Microsoft\Internet Account
Manager\Accounts\00000001
The virus uses this SMTP server to send itself out to all addresses found
in the Windows Address Book and addresses found within .DBX files.
///
/// mgs@autox.team.net mailing list
/// or try http://www.team.net/cgi-bin/majorcool
///
|