AL-2002.01 -- UNIRAS ALERT - W32/Myparty@MM Worm

Date: 28 January 2002

-----BEGIN PGP SIGNED MESSAGE-----

===========================================================================
A  U  S  C  E  R  T                                           A  L  E  R  T

                         AL-2002.01 -- AUSCERT ALERT
                     UNIRAS ALERT - W32/Myparty@MM Worm
                               28 January 2002

===========================================================================

        AusCERT Alert Summary
        ---------------------

The message included below is an alert published by UNIRAS regarding a
new email virus/worm "W32/Myparty@MM". Although AusCERT has not received
any reports of local infections, the risk of rapid propagation of this
virus makes it imperative that members disseminate and take action on this
information to prevent any undesirable activity by this virus within their
sites.

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----

- - - - -----------------------------------------------------------------------------------
   ALERT ALERT ALERT ALERT ALERT ALERT ALERT ALERT ALERT ALERT ALERT ALERT ALERT 
- - - - -----------------------------------------------------------------------------------
       UNIRAS (UK Govt CERT) ALERT Notice - 03/02 dated 28.01.02  Time 08:18
  UNIRAS is part of NISCC (National Infrastructure Security Co-ordination Centre)
- - - - -----------------------------------------------------------------------------------
   UNIRAS material is also available from its website at www.uniras.gov.uk and
            Information about NISCC is available from www.niscc.gov.uk
- - - - -----------------------------------------------------------------------------------

Title
=====
Malicious Software Report - W32/Myparty@MM 

Detail
====== 

This mass-mailing worm arrives in an email message containing the following 
information: 

Subject: new photos from my party! 
Body: Hello! 

My party... It was absolutely amazing! 
I have attached my web page with new photos! 
If you can please make color prints of my photos. Thanks! 

Attachment: www.myparty.yahoo.com (29,696 byte PE file) 

Running the attachment infects the local machine. The virus copies itself to 
C:\Recycled\regctrl.exe and executes that file. The user's default SMTP server is 
retrieved from the registry. 

HKEY_CURRENT_USER\Software\Microsoft\Internet Account Manager\Accounts\00000001 

The virus uses this SMTP server to send itself out to all addresses found in the 
Windows Address Book and addresses found within .DBX files. 

- - - - -----------------------------------------------------------------------------------

For additional information or assistance, please contact the HELP Desk by 
telephone or Not Protectively Marked information may be sent via EMail to:

uniras@niscc.gov.uk
Tel: 020 7821 1330 Ext 4511
Fax: 020 7821 1686

- - - - -----------------------------------------------------------------------------------
UNIRAS wishes to acknowledge the contributions of NAI for the information contained in this ALERT. 
- - - - -----------------------------------------------------------------------------------
This Briefing contains the information released by the original author. Some 
of the information may have changed since it was released. If the vulnerability 
affects you, it may be prudent to retrieve the advisory from the canonical site 
to ensure that you receive the most current information concerning that problem.

Reference to any specific commercial product, process, or service by trade 
name, trademark, manufacturer, or otherwise, does not constitute or imply 
its endorsement, recommendation, or favouring by UNIRAS or NISCC.  The views 
and opinions of authors expressed within this notice shall not be used for 
advertising or product endorsement purposes.

Neither UNIRAS nor NISCC shall also accept responsibility for any errors 
or omissions contained within this briefing notice. In particular, they shall 
not be liable for any loss or damage whatsoever, arising from or in connection 
with the usage of information contained within this notice.

UNIRAS is a member of the Forum of Incident Response and Security Teams (FIRST) 
and has contacts with other international Incident Response Teams (IRTs) in 
order to foster cooperation and coordination in incident prevention, to prompt 
rapid reaction to incidents, and to promote information sharing amongst its 
members and the community at large. 
- - - - -----------------------------------------------------------------------------------
<End of UNIRAS ALERT>



- -----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>

- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------
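
Added example, not part of the UNIRAS or AusCERT text: a mail-gateway check in Python for the message indicators listed in the alert above (subject line, attachment name, 29,696-byte PE attachment). It goes slightly beyond the alert by also flagging any .com attachment whose content starts with the "MZ" executable marker; the function names, indicator labels and sample messages are constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Indicators copied from the alert text.
SUBJECT = "new photos from my party!"
ATTACHMENT = "www.myparty.yahoo.com"
SIZE = 29696  # "29,696 byte PE file"

def myparty_indicators(raw: bytes) -> list:
    """Return the names of the alert indicators found in a raw e-mail."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    hits = []
    if str(msg["Subject"] or "").strip().lower() == SUBJECT:
        hits.append("subject")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").strip().lower()
        data = part.get_payload(decode=True) or b""
        is_pe = data[:2] == b"MZ"  # DOS/PE executables start with "MZ"
        if name == ATTACHMENT:
            hits.append("attachment-name")
        # Generalisation (assumption, not in the alert): any *.com attachment
        # that is really an executable, i.e. a file name dressed up as a URL.
        if name.endswith(".com") and is_pe:
            hits.append("executable-named-like-url")
        if is_pe and len(data) == SIZE:
            hits.append("pe-size")
    return hits

def build_sample(subject: str, filename: str, data: bytes) -> bytes:
    """Build a constructed test message (addresses are placeholders)."""
    m = EmailMessage()
    m["From"] = "sender@example.org"
    m["To"] = "recipient@example.org"
    m["Subject"] = subject
    m.set_content("Hello!")
    m.add_attachment(data, maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()

# Constructed samples: inert padding behind an "MZ" marker, not worm code.
INERT_PE = b"MZ" + b"\x00" * (SIZE - 2)
MATCHING = build_sample("new photos from my party!", ATTACHMENT, INERT_PE)
RENAMED = build_sample("holiday pictures", "www.photos.example.com", b"MZ" + b"\x00" * 100)
BENIGN = build_sample("Quarterly report", "report.pdf", b"%PDF-1.4 constructed")

if __name__ == "__main__":
    for label, raw in (("matching", MATCHING), ("renamed", RENAMED), ("benign", BENIGN)):
        print(label, myparty_indicators(raw))
```
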

This alert is provided as a service to AusCERT's members.  As AusCERT did
not write the document quoted above, AusCERT has had no control over its   
content.  The decision to use any or all of this information is the
responsibility of each user or organisation, and should be done so in
accordance with site policies and procedures.

NOTE: This is only the original release of the alert.  It may not be
updated when updates to the original are made.  If downloading at a later
date, it is recommended that the alert is retrieved directly from the
original authors to ensure that the information is still current.

Contact information for the authors of the original document is included
in the alert above.  If you have any questions or need further information,
please contact them directly.

Previous advisories, alerts and external security bulletins can be 
retrieved from:

	http://www.auscert.org.au/Information/advisories.html

If you believe that your system has been compromised, contact AusCERT or
your representative in FIRST (Forum of Incident Response and Security
Teams).

Internet Email: auscert@auscert.org.au
Facsimile:	(07) 3365 7031
Telephone:	(07) 3365 4417 (International: +61 7 3365 4417)
		AusCERT personnel answer during Queensland business hours
		which are GMT+10:00 (AEST).
		On call after hours for emergencies.


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv
Comment: ftp://ftp.auscert.org.au/pub/auscert/AUSCERT_PGP.key

-----END PGP SIGNATURE-----