"My Party" virus/mass mailer making the rounds

Thought I'd pass this along... A new "medium" risk virus/mass mailer is making the rounds, as being reported by most of the major virus systems.

W32/Myparty@MM or W32.Myparty@MM arrives in an email with an attachment (www.myparty.yahoo.com, size 29696 bytes) as follows...

Subject: new photos from my party!

Hello!

My party... It was absolutely amazing!

I have attached my web page with new photos!

If you can please make color prints of my photos. Thanks!

The "My Party" virus only mass mails itself and drops the backdoor component if the system date is within the following range: 25th - 29th January 2002 inclusive. Outside of this date range, no backdoor component is dropped.

The virus copies itself to C:Recycledregctrl.exe (or c: if NT/2K/XP) and executes that file, which in turn sends a copy of itself to all addresses found in the Windows Address Book and other .DBX files.

The final act is to mail napster@gala.net, allowing the author to track how far his creation has spread.

It also drops a BackDoor trojan on NT/2K/XP systems. The BackDoor is in the form of MSSTASK.EXE, located in the start up folder of the current user, which when executed, attempts to connect to https://209.151.250.170/ and download the command file that operates the backdoor.

News source: Messagelabs - 28 Jan 2002 - Myparty - mass mailer

View: McAfee: W32/Myparty@MM and download updates EXTRA.DAT and SUPER EXTRA.DAT

View: Symantec/SARC: W32.Myparty@mm and download update 0127i32.exe (more languages available).

View: Sophos: W32/MyParty-A and download update