---------------------- Forwarded by Jacky ESAYAG/ENNOV on 30/01/2002 09:56 ---------------------------
"Dr Sylvia Windholz" <[EMAIL PROTECTED]> on 30/01/2002 00:14:01
To: "Jacky" <[EMAIL PROTECTED]>, "Ruth"
<[EMAIL PROTECTED]>, "Helene" <[EMAIL PROTECTED]>,
"Helena Esayag" <[EMAIL PROTECTED]>
cc:
Subject: Fw: New E-mail Worm Is No Party, Virus-Fighters Say
----- Original Message -----
From: Avraham Anidjar
To: Aaron Elbaz
Sent: Tuesday, January 29, 2002 11:22 AM
Subject: New E-mail Worm Is No Party, Virus-Fighters Say
New E-mail Worm Is No Party, Virus-Fighters Say
Anti-virus companies say a new e-mail worm they have
named "Myparty" won't be much fun for PC users who launch
the malicious code after clicking on what they think is a
link to a page on the Yahoo Web site.
Researchers at Moscow-based Kaspersky Labs said today
that the code behind the Myparty worm, written for the
Windows operating system, isn't particularly unusual,
including its ability to open a backdoor in some versions
of Windows that could then be exploited by hackers.
However, Kaspersky spokesman Denis Zenkin said, the virus author's decision to name
his executable file like a Web URL - "www.myparty.yahoo.com"
- appears to be fooling many Internet users who are finding the file linked to
e-mail messages.
"The rest of the program is a classic Internet worm that is not differentiated from
hundreds of similarly created Internet worms," Zenkin said in
a prepared statement. "This occurrence once again confirms that not everything
beginning with 'www' and ending in '.com' is a Web site."
Symantec Corp.'s Security Response team has already given Myparty a severity rating
of 3 on a scale of 1 to 5, largely because of the potential
for the worm to spread rapidly.
Cupertino, Calif.-based Symantec said Myparty arrives attached to an e-mail that
will have the subject: "new photos from my party!"
The text of the message reads: "Hello! My party ... it was absolutely amazing! I
have attached my web page with new photos! If you can please
make color prints of my photos. Thanks!"
Kaspersky Labs said that, at first glance, the e-mail's link to the
"www.myparty.yahoo.com" file might look like a Web-site URL, even to users
who know better than to click on executable attachments.
Kaspersky reported that Myparty appears to be programmed to spread only between the
dates of Jan. 25-29 of this year (assuming an infected PC's
clock is set correctly). To help itself reproduce, Myparty packs its own simple
mail transfer protocol (SMTP) engine so that it can send its
messages directly to e-mail servers without piggybacking on client software such as
Outlook Express.
Myparty reads the address books used by Outlook Express and other Windows programs
in its search for e-mail addresses to which it will send
copies of the worm.
Kaspersky said the worm also attempted to send messages to an e-mail address at
Gala.net, a Ukraine-based Web portal that offers its users e-mail
accounts. Kaspersky said those messages were probably designed to notify the worm's
author of each new infection.
"On computers with Windows NT/2000/XP, the worm installs a spy program for remote
unauthorized control," Kaspersky added. "In this way, a
malefactor can gain total control over a victim's computer."
More information is available through Kaspersky Labs' Virus Encyclopedia:
http://www.viruslist.com.
--
To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
