* via http://theMezz.com/lists

* subscribe at http://techPolice.com


Don't Look At 'Party' Pictures
Reuters
12:10 p.m. Jan. 28, 2002 PST


SAN FRANCISCO -- A new computer bug that tries to trick computer users into clicking 
on a virus-infected Web link masquerading as party photos emerged in Asia on Monday 
and began spreading to Europe and North America, computer experts said.

The "My Party" worm, which is not considered destructive, spreads by infiltrating 
popular e-mail software Microsoft Windows Address Book and Outlook Express Database.

The worm e-mails itself to every person in an infected users' e-mail log, making it 
look as if the worm comes from a colleague or friend, experts said.

The worm is believed to have originated in Russia because it does not infect computers 
using keyboards with Cyrillic or Russian characters and, when it infects a new 
machine, it sends an e-mail to a Russian free e-mail account, according to Mikko 
Hypponen, manager of antivirus research at Finnish-based F-Secure.

The worm, which was first spotted in Singapore, will stop spreading on Wednesday 
because it was written to spread only between Jan. 25 and Jan. 29, Hypponen added.

It installs a backdoor that downloads commands from a Web site hosted by a U.S.-based 
Internet service provider, but the commands are benign at this point, he said. 
Officials are attempting to get the ISP to shut down the website, he added.

"I'm pretty sure it's a teenager in Russia doing this," Hypponen said.

Even though the worm does no real damage to infected computers, what makes it 
dangerous is its ability to dupe users into executing the file, thinking it will lead 
to a valid website.

"Most people have no idea that .COM is not just part of Web addresses, but is also an 
executable file extension," Hypponen said.

Anti-virus specialist Trend Micro gave the bug a medium risk rating. Security firms 
said that, compared with past e-mail worms, such as Nimda and Sircam, the number of 
reported "My Party" infections thus far is moderate.

The virus arrives as an e-mail with the subject line "new photos from my party!" It 
contains an innocuous looking file attachment called www.myparty.yahoo.com.

A message in the body of the e-mail reads: "Hello! My party... It was absolutely 
amazing! I have attached my Web page with new photos! If you can please make color 
prints of my photos. Thanks!"

Graham Cluley, senior technology consultant for Sophos Anti-Virus, said because it 
carries what appears to be an authentic link from the popular Web portal Yahoo, and 
appears to come from a colleague or friend, the worm has the potential to spread 
quickly.

Sophos received reports of infection from corporate clients and academic institutions 
in Asia, the Middle East and Europe.

The Web site of UK-based e-mail security service provider MessageLabs indicated that 
it had detected nearly 1,000 copies of the worm but that number dropped to fewer than 
100 later in the day.

Sophos has devised a patch and anti-virus software from other companies, including 
F-Secure and McAfee.com, also detect the virus.

Copyright  2001 Reuters Limited.

=====================================================
Don't miss a programming beat!  Sign up now for
developerWorks weekly newsletter - tools, code, and tutorials -
Java, XML, Linux, Open Source, - everything you need.
http://click.topica.com/caaafmtb1dhr0b2EDp2f/developerWorks 
=====================================================

--via http://techPolice.com
archive: http://theMezz.com/cybercrime/archive
subscribe: [EMAIL PROTECTED]
--via http://theMezz.com

==^================================================================
This email was sent to: archive@jab.org

EASY UNSUBSCRIBE click here: http://topica.com/u/?b1dhr0.b2EDp2
Or send an email to: [EMAIL PROTECTED]

T O P I C A -- Register now to manage your mail!
http://www.topica.com/partner/tag02/register
==^================================================================

Reply via email to