Information from NAI and initial warning from Trend Micro.
Summary
Virus Name: W32/Myparty@MM
Risk Assessment: Medium
Virus Information
Discovery Date: 01/27/2002
Origin: Unknown
Length: 29,696 bytes
Type: Virus
SubType: E-mail
Minimum DAT: 4184
Minimum Engine: 4.0.70
DAT Release Date: 01/30/2002
Description Added: 01/27/2002
Description Updated: 01/27/2002 11:43 PM (PT)
Virus Characteristics
Due to the number of samples AVERT received Sunday night, an EXTRA.DAT has been posted. AVERT continues to monitor the prevalence of this threat. This mass-mailing worm arrives in an email message containing the following information:
Subject: new photos from my party!
Body: Hello!
My party... It was absolutely amazing!
I have attached my web page with new photos!
If you can please make color prints of my photos. Thanks!
Attachment:
www.myparty.yahoo.com (29,696 byte PE file)
Running the attachment infects the local machine. The virus copies itself to c:\Recycled\regctrl.exe and executes that file. The user's default SMTP server is retrieved from the registry:
HKEY_CURRENT_USER\Software\Microsoft\Internet Account Manager\Accounts\00000001
The virus uses this SMTP server to send itself out to all addresses found in the Windows Address Book and addresses found within .DBX files.
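A mail-gateway check for the message traits listed above, as an added example that is not part of the NAI advisory; the function names and sample messages are constructed for illustration. It also generalizes beyond this one worm to any attachment whose name reads like a web address ending in .com while its content starts with the MZ executable header.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Traits taken from the advisory text.
SUBJECT = "new photos from my party!"
ATTACHMENT = "www.myparty.yahoo.com"
LENGTH = 29696  # bytes

def check_message(raw):
    """Return the list of Myparty traits found in a raw RFC 822 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    reasons = []
    if (msg["Subject"] or "").strip().lower() == SUBJECT:
        reasons.append("subject")
    for part in msg.walk():
        name = (part.get_filename() or "").strip().lower()
        if not name:
            continue  # body parts and multipart containers carry no filename
        data = part.get_payload(decode=True) or b""
        is_pe = data[:2] == b"MZ"  # DOS/PE executable magic
        if name == ATTACHMENT:
            reasons.append("attachment-name")
        # Generalization: host-name lookalike whose .com suffix makes Windows run it.
        if name.startswith("www.") and name.endswith(".com") and is_pe:
            reasons.append("url-lookalike-executable")
        if is_pe and len(data) == LENGTH:
            reasons.append("length")
    return reasons

def build_sample(subject, filename, payload):
    """Build a constructed test message (hypothetical helper, not a real sample)."""
    msg = EmailMessage()
    msg["Subject"] = subject
    msg["From"] = "sender@example.com"
    msg["To"] = "rcpt@example.com"
    msg.set_content("Hello!")
    msg.add_attachment(payload, maintype="application",
                       subtype="octet-stream", filename=filename)
    return bytes(msg)

if __name__ == "__main__":
    inert = b"MZ" + b"\x00" * (LENGTH - 2)  # constructed placeholder bytes
    print(check_message(build_sample(SUBJECT, ATTACHMENT, inert)))
```

The byte length is the weakest of the four traits and is only reported alongside the MZ check; the name and extension checks are the ones that carry over to renamed copies.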