MyParty will be a short one

MyParty will be a short one

The biggest worm of the year has struck, and it's no party.

When executed, W32.MyParty-A@mm, also known as MyParty, spreads using its own e-mail engine via Outlook, Outlook Express and Exchange and drops a backdoor program called Msstake-A, into the infected system. MessageLabs reported seeing more than 9,700 copies at 5 p.m. Monday.

FOR MORE INFORMATION
searchSecurity Best Web Links on malware

See this searchSecurity exclusive, "Virus fight goes beyond antivirus software"

MyParty will be short-lived, however. The worm will only spread until late today because its author set it to spread between Jan. 24 and Jan. 29, said Roger Thompson, technical director of malicious code research for TruSecure.

MyParty arrives in an e-mail with the subject line: "new photos from my party!" The virus is executed when a user clicks on the attachment that arrives in the form of a URL: "www.myparty.yahoo.com," thus fooling some into thinking it's a link to a Web site.

The message comes with the following text:

Hello!
My party... It was absolutely amazing!
I have attached my web page with new photos!
If you can please make color prints of my photos. Thanks!

The worm is cloaked as an executable link to the site but is really about 30 KB of malicious code written in Visual C++, said Chris Wraight, technical director with Sophos. When executed, it sends copies of itself to everyone in the Windows address book but not the infected users. MyParty also sends a message to napster@gala.net, probably so the writer can track the worm's progress, Wraight said.

MyParty drops Troj/Msstake-A, a backdoor Trojan, in infected machines. The Trojan could allow someone to gain remote access of the machine over a network. Virus experts contacted by searchSecurity report no known exploitations of the Trojan.

It's not known which versions of Windows are affected by the malicious code, but Thompson found during tests that it spreads on machines running both Windows 2000 and Windows XP. But the backdoor wasn't installed in the XP box, he said.

The morale of MyParty is that users should be suspicious whenever "they receive an unsolicited e-mail with an attachment, even from a friend or family member," Wraight said.

Dig deeper on Security Resources

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close