[mapserver-users] new photos from my party! CONTAINS VIRUS!!!!!

Eric Frost - HRA EricFrost at HRandAssociates.com
Mon Jan 28 10:07:40 EST 2002


Wow, that's from just last night.. time to update our mail server's dat file..

http://vil.mcafee.com/dispVirus.asp?virus_k=99332
__
Due to the number of samples AVERT received Sunday night, an EXTRA.DAT has been posted. AVERT continues to monitor the prevalence of
this threat.

This mass-mailing worm arrives in an email message containing the following information:
Subject: new photos from my party!
Body: Hello!

My party... It was absolutely amazing!
I have attached my web page with new photos!
If you can please make color prints of my photos. Thanks!
Attachment: www.myparty.yahoo.com (29,696 byte PE file)
Running the attachment infects the local machine. The virus copies itself to C:\Recycled\regctrl.exe and executes that file. The
users default SMTP server is retrieved from the registry.
HKEY_CURRENT_USER\Software\Microsoft\Internet Account Manager\Accounts\00000001
The virus uses this SMTP server to send itself out to all addresses found in the Windows Address Book and addresses found within
.DBX files.

This virus only attempts to massmail itself if the calendar is showing 25, 26, 27, 28 or 29 January 2002.

There also exists a variant which was only capable of spreading between 20 and 24 January 2002. On computers with correct calendar
setting this variant would not replicate now. It sends the attachment in a slightly different file - myparty.photos.yahoo.com. Size
of the attachment is 28160 bytes.




More information about the mapserver-users mailing list