Information from NAI and initial warning from Trend Micro..
Virus Name: W32/Myparty@MM
Risk Assessment: Medium
Discovery Date: 01/27/2002
Length: 29,696 bytes
Minimum Dat: 4184
Minimum Engine: 4.0.70
DAT Release Date: 01/30/2002
Description Added: 01/27/2002
Description Updated: 01/27/2002 11:43 PM (PT)
Due to the number of samples AVERT received Sunday night, an EXTRA.DAT has been posted. AVERT continues to monitor the prevalence of this threat. This mass-mailing worm arrives in an email message containing the following information:
Subject: new photos from my party!
My party... It was absolutely amazing!
I have attached my web page with new photos!
If you can please make color prints of my photos. Thanks!
(29,696 byte PE file)
Running the attachment infects the local machine. The virus copies itself to c:\Recycled\regctrl.exe and executes that file. The users default SMTP server is retrieved from the registry. HKEY_CURRENT_USER\Software\Microsoft\Internet Account Manager\Accounts\00000001 The virus uses this SMTP server to send itself out to all addresses found in the Windows Address Book and addresses found within .DBX files.