Date: 03 April 2002
Click here for printable version
Click here for PGP verifiable version
-----BEGIN PGP SIGNED MESSAGE-----
===========================================================================
A U S C E R T A L E R T
AL-2002.04 -- AUSCERT ALERT
W32.MyLife.F@mm Worm
3 April 2002
===========================================================================
AusCERT Alert Summary
---------------------
AusCERT is aware of a new variant of the MyLife Worm: MyLife.F.
AusCERT has received reports of local activity and the risk of
rapid propagation of this virus makes it imperative that members
disseminate and take action on this information to prevent any
undesirable activity by this virus within their sites.
MyLife.F exhibits similar behaviour to previous variants,
propagating via the Microsoft Outlook address book. The email has
a subject line of "the list", and a body as follows:
Hiiiii
How are youuuuuuuu?
look to the notepad it's vvvery verrrry ffffunny :-) :-)
i promise you will love it :-)
Notepad = list
list = 37
buyyyy
========No Viruse Found========
MCAFEE.COM
--------------------------------------------------------
Attachment: List480.TXT.scr
After infection, the worm is executed during system startup with
this registry key:
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersion_Run
"sys" = C:WINDOWSSYSTEMList480.TXT.scr
Several major anti-virus software vendors have noted activity
within Australia.
More information is available from:
http://vil.nai.com/vil/content/v_99429.htm
http://www.f-secure.com/v-descs/mylife.shtml
http://www.messagelabs.com/viruseye/
- ---------------------------------------------------------------------------
The AusCERT team has made every effort to ensure that the information
contained in this document is accurate at the time of publication. However,
the decision to use the information described is the responsibility of
each user or organisation. The appropriateness of this document for an
organisation or individual system should be considered before application
in conjunction with local policies and procedures. AusCERT takes no
responsibility for the consequences of applying the contents of this
document.
If you believe that your system has been compromised, contact AusCERT or
your representative in FIRST (Forum of Incident Response and Security
Teams).
AusCERT maintains an anonymous FTP service which is found on:
ftp://ftp.auscert.org.au/pub/. This archive contains past SERT and AusCERT
Advisories, and other computer security information.
AusCERT maintains a World Wide Web service which is found on:
http://www.auscert.org.au/.
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business
hours which are GMT+10:00 (AEST). On call
after hours for emergencies.
Postal:
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
AUSTRALIA
===========================================================================
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv
Comment: ftp://ftp.auscert.org.au/pub/auscert/AUSCERT_PGP.key
iQCVAwUBPUeieih9+71yA2DNAQGfWwP+OE9A4kyjxS0vVMgf5dgGxDuMfOv5zviw
FxjbB0HmNndag7siyabZVx73adPxko0nNV+wxjFNLUB/Iqea6VtoS3PYA0uwsub4
GuwDCHHrALmDxrQ+V76w1tBWK8QrwQ+SuoE8xVLMyKsSnfYv6N++r1Nmg5UGc/CA
qEvPo+XsaPA=
=9Q1v
-----END PGP SIGNATURE-----
|