Thought I'd pass this along... A new "medium" risk virus/mass mailer is making the rounds, as being reported by most of the major virus systems.
W32/Myparty@MM or W32.Myparty@MM arrives in an email with an attachment (www.myparty.yahoo.com, size 29696 bytes) as follows...
- Subject: new photos from my party!
Hello!
My party... It was absolutely amazing!
I have attached my web page with new photos!
If you can please make color prints of my photos. Thanks!
The virus copies itself to C:Recycledregctrl.exe (or c: if NT/2K/XP) and executes that file, which in turn sends a copy of itself to all addresses found in the Windows Address Book and other .DBX files.
The final act is to mail napster@gala.net, allowing the author to track how far his creation has spread.
It also drops a BackDoor trojan on NT/2K/XP systems. The BackDoor is in the form of MSSTASK.EXE, located in the start up folder of the current user, which when executed, attempts to connect to https://209.151.250.170/ and download the command file that operates the backdoor.
News source: Messagelabs - 28 Jan 2002 - Myparty - mass mailer
View: McAfee: W32/Myparty@MM and download updates EXTRA.DAT and SUPER EXTRA.DAT
View: Symantec/SARC: W32.Myparty@mm and download update 0127i32.exe (more languages available).
View: Sophos: W32/MyParty-A and download update
