* via http://theMezz.com/lists * subscribe at http://techPolice.com
Don't Look At 'Party' Pictures

Reuters
12:10 p.m. Jan. 28, 2002 PST

SAN FRANCISCO -- A new computer bug that tries to trick computer users into clicking on a virus-infected Web link masquerading as party photos emerged in Asia on Monday and began spreading to Europe and North America, computer experts said.

The "My Party" worm, which is not considered destructive, spreads by infiltrating popular e-mail software Microsoft Windows Address Book and Outlook Express Database. The worm e-mails itself to every person in an infected user's e-mail log, making it look as if the worm comes from a colleague or friend, experts said.

The worm is believed to have originated in Russia because it does not infect computers using keyboards with Cyrillic or Russian characters and, when it infects a new machine, it sends an e-mail to a Russian free e-mail account, according to Mikko Hypponen, manager of antivirus research at Finnish-based F-Secure.

The worm, which was first spotted in Singapore, will stop spreading on Wednesday because it was written to spread only between Jan. 25 and Jan. 29, Hypponen added.

It installs a backdoor that downloads commands from a Web site hosted by a U.S.-based Internet service provider, but the commands are benign at this point, he said. Officials are attempting to get the ISP to shut down the website, he added.

"I'm pretty sure it's a teenager in Russia doing this," Hypponen said.

Even though the worm does no real damage to infected computers, what makes it dangerous is its ability to dupe users into executing the file, thinking it will lead to a valid website.

"Most people have no idea that .COM is not just part of Web addresses, but is also an executable file extension," Hypponen said.

Anti-virus specialist Trend Micro gave the bug a medium risk rating. Security firms said that, compared with past e-mail worms, such as Nimda and Sircam, the number of reported "My Party" infections thus far is moderate.
The virus arrives as an e-mail with the subject line "new photos from my party!" It contains an innocuous-looking file attachment called www.myparty.yahoo.com. A message in the body of the e-mail reads: "Hello! My party... It was absolutely amazing! I have attached my Web page with new photos! If you can please make color prints of my photos. Thanks!"

Graham Cluley, senior technology consultant for Sophos Anti-Virus, said because it carries what appears to be an authentic link from the popular Web portal Yahoo, and appears to come from a colleague or friend, the worm has the potential to spread quickly.

Sophos received reports of infection from corporate clients and academic institutions in Asia, the Middle East and Europe.

The Web site of UK-based e-mail security service provider MessageLabs indicated that it had detected nearly 1,000 copies of the worm but that number dropped to fewer than 100 later in the day.

Sophos has devised a patch, and anti-virus software from other companies, including F-Secure and McAfee.com, also detects the virus.

Copyright © 2001 Reuters Limited.
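The article's point about .COM being an executable extension can be turned into a mail-gateway check. The following is an added example, not part of the Reuters article or any vendor's product: it flags attachments whose filename reads like a Web address but ends in an executable extension. The extension list, function names and sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage
from os.path import splitext

# Assumed subset of extensions that Windows runs directly when opened.
EXECUTABLE_EXTS = {".com", ".exe", ".scr", ".pif", ".bat", ".cmd"}
# Dot-separated labels made only of hostname characters.
HOSTNAME_RE = re.compile(r"^(?:[a-z0-9-]+\.)+[a-z0-9-]+$")

def classify_attachment(filename):
    """Return 'ok', 'executable' or 'executable-disguised-as-hostname'."""
    name = filename.strip().lower()
    stem, ext = splitext(name)
    if ext not in EXECUTABLE_EXTS:
        return "ok"
    # A multi-label name ending in .com reads as a Web address to the user.
    if ext == ".com" and "." in stem and HOSTNAME_RE.match(name):
        return "executable-disguised-as-hostname"
    return "executable"

def scan_message(raw_bytes):
    """Parse a raw RFC 5322 message; return (filename, verdict) per attachment."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    results = []
    for part in msg.iter_attachments():
        filename = part.get_filename()
        if filename:
            results.append((filename, classify_attachment(filename)))
    return results

def build_sample():
    """Constructed sample message using the subject and filename quoted above."""
    msg = EmailMessage()
    msg["Subject"] = "new photos from my party!"
    msg["From"] = "friend@example.com"
    msg["To"] = "user@example.com"
    msg.set_content("Hello! My party...")
    # Placeholder bytes only; no real executable content.
    msg.add_attachment(b"placeholder", maintype="application",
                       subtype="octet-stream", filename="www.myparty.yahoo.com")
    msg.add_attachment(b"placeholder", maintype="image",
                       subtype="jpeg", filename="photos.jpg")
    return msg.as_bytes()

if __name__ == "__main__":
    for name, verdict in scan_message(build_sample()):
        print(f"{name}: {verdict}")
```

A gateway would typically quarantine anything that is not "ok" and log the disguised case separately, since it indicates deliberate social engineering rather than an ordinary executable.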