List: jetspeed-user
Subject: Fw: New E-mail Worm Is No Party, Virus-Fighters Say
From: "Jacky ESAYAG" <jesayag () ennov ! com>
Date: 2002-01-30 10:13:14
---------------------- Forwarded by Jacky ESAYAG/ENNOV on 30/01/2002 09:56
---------------------------
"Dr Sylvia Windholz" <sylvia.windholz@mcgill.ca> on 30/01/2002 00:14:01
To: "Jacky" <jesayag@ennov.com>, "Ruth"
<Ruth.Marques@equipement.gouv.fr>, "Helene" <hesayag@cantv.net>,
"Helena Esayag" <mesfesab588@cantv.net>
cc:
Subject: Fw: New E-mail Worm Is No Party, Virus-Fighters Say
----- Original Message -----
From: Avraham Anidjar
To: Aaron Elbaz
Sent: Tuesday, January 29, 2002 11:22 AM
Subject: New E-mail Worm Is No Party, Virus-Fighters Say
New E-mail Worm Is No Party, Virus-Fighters Say
Anti-virus companies say a new e-mail worm they have
named "Myparty" won't be much fun for PC users who launch
the malicious code after clicking on what they think is a
link to a page on the Yahoo Web site.
Researchers at Moscow-based Kaspersky Labs said today
that the code behind the Myparty worm, written for the
Windows operating system, isn't particularly unusual,
including its ability to open a backdoor in some versions
of Windows that could then be exploited by hackers.

However, Kaspersky spokesman Denis Zenkin said, the virus author's decision to name
his executable file like a Web URL - "www.myparty.yahoo.com" - appears to be
fooling many Internet users who are finding the file linked to e-mail messages.

"The rest of the program is a classic Internet worm that is not differentiated from
hundreds of similarly created Internet worms," Zenkin said in a prepared
statement. "This occurrence once again confirms that not everything beginning with
'www' and ending in '.com' is a Web site."

Symantec Corp.'s Security Response team has already given Myparty a severity rating
of 3 on a scale of 1 to 5, largely because of the potential for the worm to
spread rapidly.

Cupertino, Calif.-based Symantec said Myparty arrives attached to an e-mail that
will have the subject: "new photos from my party!"

The text of the message reads: "Hello! My party ... it was absolutely amazing! I
have attached my web page with new photos! If you can please make color prints
of my photos. Thanks!"

Kaspersky Labs said that, at first glance, the e-mail's link to the
"www.myparty.yahoo.com" file might look like a Web-site URL, even to users who
know better than to click on executable attachments.

Kaspersky reported that Myparty appears to be programmed to spread only between the
dates of Jan. 25-29 of this year (assuming an infected PC's clock is set
correctly). To help itself reproduce, Myparty packs its own simple mail transfer
protocol (SMTP) engine so that it can send its messages directly to e-mail
servers without piggybacking on client software such as Outlook Express.

Myparty reads the address books used by Outlook Express and other Windows programs
in its search for e-mail addresses to which it will send copies of the worm.

Kaspersky said the worm also attempted to send messages to an e-mail address at
Gala.net, a Ukraine-based Web portal that offers its users e-mail accounts.
Kaspersky said those messages were probably designed to notify the worm's author of
each new infection.

"On computers with Windows NT/2000/XP, the worm installs a spy program for remote
unauthorized control," Kaspersky added. "In this way, a malefactor can
gain total control over a victim's computer."

More information is available through Kaspersky Labs' Virus Encyclopedia:
http://www.viruslist.com.

--
To unsubscribe, e-mail: <mailto:jetspeed-user-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:jetspeed-user-help@jakarta.apache.org>
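
The article's point that a file named "www.myparty.yahoo.com" is an executable, not a Web address, can be turned into a mail-gateway check. The sketch below is an added example, not part of the forwarded article or of any vendor's product; the extension deny-list, the function names and the sample message (built from the subject and file name quoted above, with dummy attachment bytes) are assumptions made for illustration.

```python
import re
from email import message_from_bytes
from email.message import EmailMessage

# Assumed deny-list of extensions Windows runs directly; tune for your gateway.
EXECUTABLE_EXTS = {"com", "exe", "scr", "pif", "bat", "cmd"}
HOSTNAME_RE = re.compile(r"^(?:[a-z0-9-]+\.)+[a-z0-9-]+$")

def classify_attachment(filename):
    """Return 'url-lookalike', 'executable' or 'ok' for an attachment name."""
    name = filename.strip().lower()
    ext = name.rsplit(".", 1)[-1] if "." in name else ""
    if ext not in EXECUTABLE_EXTS:
        return "ok"
    # ".com" is both a top-level domain and a DOS/Windows executable extension,
    # so a host-shaped name ending in it reads as a Web address to the user.
    host_shaped = bool(HOSTNAME_RE.match(name)) and (
        name.startswith("www.") or name.count(".") >= 2)
    return "url-lookalike" if ext == "com" and host_shaped else "executable"

def scan_message(raw_bytes):
    """List (filename, verdict) for every non-'ok' attachment in a message."""
    findings = []
    for part in message_from_bytes(raw_bytes).walk():
        filename = part.get_filename()
        if filename:
            verdict = classify_attachment(filename)
            if verdict != "ok":
                findings.append((filename, verdict))
    return findings

def build_sample():
    """Constructed sample: subject and file name from the article, dummy bytes."""
    msg = EmailMessage()
    msg["Subject"] = "new photos from my party!"
    msg.set_content("Hello! My party ... it was absolutely amazing!")
    msg.add_attachment(b"constructed placeholder, not real code",
                       maintype="application", subtype="octet-stream",
                       filename="www.myparty.yahoo.com")
    msg.add_attachment(b"constructed placeholder image bytes",
                       maintype="image", subtype="jpeg", filename="photos.jpg")
    return msg.as_bytes()

if __name__ == "__main__":
    for name, verdict in scan_message(build_sample()):
        print(f"{verdict}: {name}")
```

A legitimate single-label name such as command.com is still reported as "executable" rather than "url-lookalike", so the two verdicts can be routed to different quarantine or alerting rules.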