--- Begin Message ---
Name: W32/MyParty-A
Aliases: W32/[EMAIL PROTECTED], [EMAIL PROTECTED]
Type: Win32 worm
Date: 28 January 2002

A virus identity file (IDE) which provides protection is
available now from our website and will be incorporated
into the March 2002 (3.55) release of Sophos Anti-Virus.

Sophos has received several reports of this virus from the wild.

Description:

W32/MyParty-A is a Windows 32 email-aware worm which arrives as
an email with the following characteristics:

Subject: 

  new photos from my party!

Message text:

  Hello! 
 
  My party... It was absolutely amazing! 
  I have attached my web page with new photos! 
  If you can please make color prints of my photos. Thanks! 

Attached filename: 

  www.myparty.yahoo.com

Some people may be fooled into believing the attached file is a
link to a website. If the attached file is executed, the worm
sends a copy of itself to everybody in the Windows Address Book
(except the current user) using a built-in SMTP engine.

It gets the SMTP server information from the registry key:
HKCU\Software\Microsoft\Internet Account Manager\Accounts\00000001

The worm also sends an email to [EMAIL PROTECTED] to track its
spread.


Download the IDE file from
http://www.sophos.com/downloads/ide/mypartya.ide

Read the analysis at
http://www.sophos.com/virusinfo/analyses/w32mypartya.html

Download a ZIP file containing all the IDE files available for
the current version of Sophos Anti-Virus from
http://www.sophos.com/downloads/ide/ides.zip

Read about how to use IDE files at
http://www.sophos.com/downloads/ide/using.html

To unsubscribe from this service please visit
http://www.sophos.com/virusinfo/notifications


--- End Message ---
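
The attachment name described in the advisory reads like a web address but ends in the executable .com extension. The following mail-filter check for that pattern is an added example, not Sophos code; the extension list, function names and sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.message import EmailMessage

# Extensions Windows runs directly (a deliberately short, assumed list).
EXECUTABLE_EXTS = {"com", "exe", "scr", "pif", "bat", "cmd"}
# Hostname-shaped name: dot-separated labels, e.g. "www.myparty.yahoo.com".
HOSTNAME_RE = re.compile(r"^(?:[a-z0-9-]+\.){2,}[a-z]{2,}$", re.I)

def classify_attachment(filename):
    """Return 'hostname-lookalike', 'executable' or 'ok' for one filename."""
    name = filename.strip().rstrip(". ")  # Windows ignores trailing dots/spaces
    ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    if ext not in EXECUTABLE_EXTS:
        return "ok"
    if HOSTNAME_RE.match(name) or name.lower().startswith("www."):
        return "hostname-lookalike"
    return "executable"

def scan_message(raw):
    """Parse an RFC 822 message; return [(filename, verdict)] for flagged attachments."""
    msg = message_from_string(raw)
    findings = []
    for part in msg.walk():
        fname = part.get_filename()
        if fname:
            verdict = classify_attachment(fname)
            if verdict != "ok":
                findings.append((fname, verdict))
    return findings

def build_sample():
    """Constructed sample using the subject and attachment name from the advisory."""
    m = EmailMessage()
    m["From"] = "sender@example.invalid"
    m["To"] = "recipient@example.invalid"
    m["Subject"] = "new photos from my party!"
    m.set_content("Hello!\n\nMy party... It was absolutely amazing!\n")
    m.add_attachment(b"placeholder bytes, not malware",
                     maintype="application", subtype="octet-stream",
                     filename="www.myparty.yahoo.com")
    m.add_attachment(b"placeholder", maintype="image", subtype="jpeg",
                     filename="party.jpg")
    return m.as_string()

if __name__ == "__main__":
    for fname, verdict in scan_message(build_sample()):
        print(f"{verdict}: {fname}")
```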
