MyParty is the first pervasive virus written in the new year to make the rounds This particular worm doesn’t hold any new threat or innovation that we haven’t seen before, is fairly easy to contain and remove, but it is fairly infectious and like all such creatures, can be a nuisance if triggered. Its primary dangers are the usual mass mailing, and more significantly, a payload which includes a back door Trojan.
What to Look For
The virus is most commonly delivered as an e-mail that appears as follows:
Subject: new photos from my party! Message: Hello! My party... It was absolutely amazing! I have attached my web page with new photos! If you can please make color prints of my photos. Thanks! Attachment: www.myparty.yahoo.com
The attachment name is part of the social engineering scheme at play. Some unsuspecting users will associate the extension with an URL, but of course .COM signifies an executable, which will infect the machine if launched.
The first part of the payload is already passé. From the dates January 25-29, 2002, the program will attempt to send mail to everyone in your Outlook and Windows address books. An e-mail is also sent to [email protected], presumably for the author(s) to track its course. This may also include the user’s default SMTP server, which will have been gleaned from the registry entry at
HKEY_CURRENT_USERSoftwareMicrosoftInternet Account ManagerAccounts