The Internet Worm “Myparty” poses as a Web-site link
Cambridge, UK 28th January 2002 - Kaspersky Lab, an international data-security software developer, announces the detection of a new Internet worm going by the name of “Myparty” that spreads via e-mail. At this time, several incidents of infection by this malicious code have already been reported.
The worm arrives on a target computer as a file attached to an e-mail message. The file is a Windows application about 30Kb in length; it is written in Microsoft Visual C++ and compressed with the UPX utility.
An infected message appears as follows:
Subject: new photos from my party!
My party... It was absolutely amazing!
I have attached my web page with new photos!
If you can please make color prints of my photos. Thanks!
As is apparent, the carrier file deliberately poses as a Web-site address. It exploits the user's trust: the user expects that double-clicking the attachment will lead to some Internet address. In fact, opening the attachment activates a malicious program.
“This is definitely a new technique for manipulating a user that is uniquely employed by ‘Myparty’ to have already caused a series of infections. The rest of the program is a classic Internet worm that is not differentiated from hundreds of similarly created Internet worms,” commented Denis Zenkin, Head of Corporate Communications for Kaspersky Labs. “This occurrence once again confirms that not everything beginning with ‘www’ and ending in ‘.com’ is a Web site.”
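The masquerade described above can be caught at a mail gateway. The following is an added example, not code from Kaspersky Lab or from the original release: it flags attachments whose names read as Web addresses but end in an extension that Windows executes. The sample file name, the extensions other than ".com" and all function names are assumptions made for illustration.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions Windows runs directly; ".com" is also the most common TLD.
# (The list beyond "com" is an assumption, not taken from the release.)
EXECUTABLE_EXTS = {"com", "exe", "scr", "pif", "bat", "cmd"}
# A dotted name made only of hostname-style labels (letters, digits, hyphens).
HOSTNAME_RE = re.compile(r"^(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+[a-z0-9]+$")


def looks_like_url_but_executes(filename):
    """True if an attachment name reads as a Web address yet is executable."""
    # Windows ignores trailing dots and spaces when resolving the extension.
    name = filename.strip().rstrip(". ").lower()
    if not HOSTNAME_RE.match(name):
        return False
    labels = name.split(".")
    # "www.<something>.<ext>" or any name with 3+ labels resembles a host name.
    url_like = labels[0] == "www" or len(labels) >= 3
    return url_like and labels[-1] in EXECUTABLE_EXTS


def suspicious_attachments(raw_message):
    """Return file names of attachments a mail gateway should quarantine."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    return [
        part.get_filename()
        for part in msg.iter_attachments()
        if part.get_filename() and looks_like_url_but_executes(part.get_filename())
    ]


def build_sample():
    """Constructed message: a disguised executable plus a harmless image."""
    msg = EmailMessage()
    msg["Subject"] = "new photos from my party!"
    msg.set_content("I have attached my web page with new photos!")
    msg.add_attachment(b"MZ\x90\x00", maintype="application",
                       subtype="octet-stream",
                       filename="www.party-photos.example.com")  # constructed
    msg.add_attachment(b"\xff\xd8\xff", maintype="image", subtype="jpeg",
                       filename="holiday.photo.jpg")  # constructed
    return msg.as_bytes()


if __name__ == "__main__":
    print(suspicious_attachments(build_sample()))
```

A plain two-label name such as a legitimate DOS utility is deliberately not flagged here; the check targets only names that imitate a Web address.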
If the system date on a computer is between 25 and 29 January 2002, “Myparty” launches its installation and spreading routines. In addition, the worm checks for the presence of Russian-language support; if this is detected, the worm finishes its operation and exits the system.
To remain active in memory after every start-up of the infected computer, the worm creates copies of itself in different disk directories and registers them in the program auto-start section of the Windows system registry.
To send its copies via e-mail, the worm scans the Windows Address Book and DBX (also used in Outlook Express) databases and collects all addresses found there. The worm then establishes a direct connection with a remote SMTP server and silently sends its copies to these addresses, ostensibly in the name of the infected computer’s user. To confirm an infection, the worm also sends a blank e-mail to the email@example.com address.
“Myparty” has some dangerous side effects. On computers with Windows NT/2000/XP, the worm installs a spy program for remote unauthorized control. In this way, a malefactor can gain total control over a victim’s computer.
In addition to this, depending on a number of conditions, “Myparty” opens the http://www.disney.com Web site in the current Internet browser window.
Defense procedures thwarting “Myparty” have already been added to the Kaspersky Anti-Virus database.
A more detailed description of this Internet worm can be found in the Kaspersky Virus Encyclopedia.
About Kaspersky Lab
Kaspersky Lab is a fast growing privately owned data-security software development company with offices in Moscow (Russia), Cambridge (United Kingdom) and Pleasanton (United States). Founded in 1997, the company concentrates its efforts on the development of world-leading data-security technologies and software. The company's flagship software product is Kaspersky Anti-Virus that provides comprehensive virus protection for a wide spectrum of customers from home users to enterprise-wide networks. Kaspersky Lab markets, distributes and supports its software and services in more than 50 countries worldwide.
For more information, contact:
Head of Corporate Communications
Phone: +7 (095) 797 87 00
Marylebone Media Relations
Phone: +44 (0)1344 876558
This press release was distributed by ResponseSource Press Release Wire on behalf of Marylebone Media Relations in the following categories: Consumer Technology, Personal Finance, Business & Finance, Computing & Telecoms, for more information visit https://pressreleasewire.responsesource.com/about.