
NEW Virus Name: W32.Myparty@mm (mass-mailing email worm, arrives by e-mail)


marci

Presentation Transcript


  1. NEW Virus Name: W32.Myparty@mm. Mass-mailing email worm that arrives by e-mail:
     - Subject line: new photos from my party!
     - Body: Hello! My party… it was absolutely amazing! I have attached my web page with photos! If you can please make color prints of my photos. Thanks!
     - Attachment name: www.myparty.yahoo.com

  2. NEW Virus. When executed, the worm checks the date.
     - If the date is not between January 25-29, 2002 OR the keyboard settings are Russian, it copies itself to C:\Recycled-F-[random digits]-[random digits] and exits.
     - Otherwise, it continues and checks its own filename. If the extension is .COM, it copies itself to:
       - C:\regctrl.exe (on NT/2K/XP)
       - C:\Recycled\regctrl.exe (on 9x/ME)
     - It then executes regctrl.exe. This initiates the address book actions: the worm mails itself to the e-mail addresses found in the local address book.

  3. NEW Virus. The worm then sends itself to the addresses identified.
     - On NT/2K/XP, it attempts to copy itself to %Windows%\Start Menu\Programs\Startup\msstask.exe so that it executes when Windows starts up.
     - Finally, it sends a message to “napster@gala.net” so the author can track progress.
     - The worm also checks its own file name. If the file name is “access”, it attempts to launch a web browser to http://www.disney.com and exits.
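A mail-gateway check for the message described in slide 1, written as an added example (not part of the original presentation). The subject and attachment name come from the slides; the broader rule for any hostname-like attachment ending in `.com`, the function name `classify`, and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string

# Indicators taken from the slides above.
MYPARTY_SUBJECT = "new photos from my party!"
MYPARTY_ATTACHMENT = "www.myparty.yahoo.com"

# Assumption (not from the slides): any attachment named like a web host but
# ending in the DOS executable extension .com deserves the same scrutiny.
HOSTLIKE_COM = re.compile(r"^(www\.)?[a-z0-9-]+(\.[a-z0-9-]+)*\.com$", re.I)

def classify(raw):
    """Return the reasons a raw RFC 822 message should be quarantined."""
    msg = message_from_string(raw)
    reasons = []
    if (msg.get("Subject") or "").strip().lower() == MYPARTY_SUBJECT:
        reasons.append("subject matches W32.Myparty@mm")
    for part in msg.walk():
        name = part.get_filename()  # None for parts without a filename
        if not name:
            continue
        if name.lower() == MYPARTY_ATTACHMENT:
            reasons.append(f"attachment name matches W32.Myparty@mm: {name}")
        elif HOSTLIKE_COM.match(name):
            reasons.append(f"URL-like attachment with .com extension: {name}")
    return reasons

# Constructed sample message; the attachment body is a harmless stub.
SAMPLE = """\
From: friend@example.org
Subject: new photos from my party!
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Hello! My party... it was absolutely amazing!
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="www.myparty.yahoo.com"

AAAA
--b1--
"""

if __name__ == "__main__":
    for reason in classify(SAMPLE):
        print(reason)
```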
