--My party!--->Worm info
AKA: W32/MyParty-A
Via: http://www.sophos.com/virusinfo/analyses/w32mypartya.html
W32/MyParty-A is a Windows 32 email-aware worm which arrives as an email with the
following characteristics:

Subject: new photos from my party!

Message text:
Hello!
My party... It was absolutely amazing!
I have attached my web page with new photos!
If you can please make color prints of my photos. Thanks!

Attached filename: www.myparty.yahoo.com

Some people may be fooled into believing the attached file is a link to a website. If the attached
file is executed, the worm sends a copy of itself to everybody in the Windows Address Book
(except the current user) using a built-in SMTP engine.

It gets the SMTP server information from the registry key:
HKCU\Software\Microsoft\Internet Account Manager\Accounts\00000001

The worm also sends an email to napster@gala.net to track its spread.
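
A mail-filter check for the lure described in the advisory above, as an added example that is not part of the original message or of the Sophos analysis. It parses a message, compares the subject and attachment name with the values quoted above, and more generally flags any attachment whose name reads as a web address but ends in the executable ".com" extension. The function names, the hostname pattern and the sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage

# Indicators quoted in the advisory text above.
SUBJECT_IOC = "new photos from my party!"
ATTACHMENT_IOC = "www.myparty.yahoo.com"
# Assumed heuristic: "www." or another label, one or more further labels, then
# ".com". Windows runs a *.com file as a program, so such a name is not a link.
HOSTNAME_DOT_COM = re.compile(r"^(?:www\.|[a-z0-9-]+\.)(?:[a-z0-9-]+\.)+com$", re.I)

def inspect_message(raw):
    """Return a list of findings for one message given as RFC 5322 text."""
    msg = message_from_string(raw, policy=policy.default)
    findings = []
    if str(msg.get("Subject", "")).strip().lower() == SUBJECT_IOC:
        findings.append("subject matches W32/MyParty-A")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").strip()
        if name.lower() == ATTACHMENT_IOC:
            findings.append("attachment name matches W32/MyParty-A")
        if HOSTNAME_DOT_COM.match(name):
            findings.append("executable .com attachment named like a website: " + name)
    return findings

def build_sample(subject, filename):
    """Build a constructed test message (placeholder bytes, no real malware)."""
    msg = EmailMessage()
    msg["From"] = "sender@example.org"
    msg["To"] = "recipient@example.org"
    msg["Subject"] = subject
    msg.set_content("constructed sample body")
    msg.add_attachment(b"constructed placeholder bytes", maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_string()

if __name__ == "__main__":
    for subject, filename in [("new photos from my party!", "www.myparty.yahoo.com"),
                              ("holiday pictures", "www.example.com"),
                              ("Meeting notes", "notes.txt")]:
        print(filename, "->", inspect_message(build_sample(subject, filename)))
```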