FanJ
April 2nd, 2002, 09:12 PM
Name: W32/MyLife-C
Type: Win32 worm
Date: 2 April 2002
Sophos has received several reports of this worm from the wild.
Description for W32/MyLife-C:
W32/MyLife-C is a Win32 worm which copies itself to the Windows
system directory as List.TXT.scr and sets the following registry
key to run the copy on restart:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
If List.TXT.scr is executed the worm displays the false error
message "Error Notepad.dll ##".
It then sends itself to addresses from the Outlook address book,
using an email with the following characteristics:
Subject line:
The List
Message body:
Hiiiii
How are youuuuuuuu?
Here is that Notepad you asked for ... don't show anyone else
;-)
Notepad = list
list = 137
buyyyy
========No Viruse Found========
MCAFEE.COM
--------------------------------------------------------
Attached file:
List.TXT.scr
Description for W32/MyLife-D:
W32/MyLife-D is a Win32 worm which copies itself to the Windows system directory as Screen.scr and sets the following registry key to run the copy on restart:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Screen
If Screen.scr is executed the worm displays a messagebox with the title "Error" and the text "Error 1452544 File Not Found".
It then sends itself to addresses from the Outlook address book, using an email with the following characteristics:
Subject line:
New Screen Saver
Message body:
Hiii
How are youu!!?
look to the New Screen Saver it's vvvery verrrry ffffunny :-) :-)
i promise you will love it? ok
buy
========No Viruse Found========
* * * * * * * * MCAFEE.COM
Attached file:
Screen.scr
Description for W32/MyLife-E:
W32/MyLife-E is a Win32 worm which copies itself to the Windows system directory as Screen.scr and sets the following registry key to run the copy on restart:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
If Screen.scr is executed the worm displays the false error message "Error 1452544 File Not Found".
It then sends itself to addresses from the Outlook address book, using an email with the following characteristics:
Subject line:
sexxxyyy Screen Saver
or
New Screen Saver
Message body:
Hiii
How are youu!!?
look to the New Screen Saver it's vvvery verrrry ffffunny :-) :-)
i promise you will love it? ok
buyyyy
========No Viruse Found========
* * * * * * * * MCAFEE.COM
or
New Never Hood Buy
Attached file:
Screen.scr
Description for W32/MyLife-F:
W32/MyLife-F is a Win32 worm which copies itself to the Windows system directory as list480.txt.scr and sets the following registry key to run the copy on restart:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\sys
The worm displays a messagebox with the title "Error" and the text "Error Notepad.dll ##".
It then sends itself to addresses from the Outlook address book, using an email with the following characteristics:
Subject line:
the list
Message body:
Hiiiii
How are youuuuuuuu?
look to the notepad it's vvvery verrrry ffffunny :-) :-)
i promise you will love it :-)
Notepad = list
list = 37
buyyyy
========No Viruse Found========
* * * * * * * * MCAFEE.COM
--------------------------------------------------------
Attached file:
list480.txt.scr
Read the analysis at
http://www.sophos.com/virusinfo/analyses/w32mylifec.html
Type: Win32 worm
Date: 2 April 2002
Sophos has received several reports of this worm from the wild.
Description for W32/MyLife-C:
W32/MyLife-C is a Win32 worm which copies itself to the Windows
system directory as List.TXT.scr and sets the following registry
key to run the copy on restart:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
If List.TXT.scr is executed the worm displays the false error
message "Error Notepad.dll ##".
It then sends itself to addresses from the Outlook address book,
using an email with the following characteristics:
Subject line:
The List
Message body:
Hiiiii
How are youuuuuuuu?
Here is that Notepad you asked for ... don't show anyone else
;-)
Notepad = list
list = 137
buyyyy
========No Viruse Found========
MCAFEE.COM
--------------------------------------------------------
Attached file:
List.TXT.scr
Description for W32/MyLife-D:
W32/MyLife-D is a Win32 worm which copies itself to the Windows system directory as Screen.scr and sets the following registry key to run the copy on restart:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Screen
If Screen.scr is executed the worm displays a messagebox with the title "Error" and the text "Error 1452544 File Not Found".
It then sends itself to addresses from the Outlook address book, using an email with the following characteristics:
Subject line:
New Screen Saver
Message body:
Hiii
How are youu!!?
look to the New Screen Saver it's vvvery verrrry ffffunny :-) :-)
i promise you will love it? ok
buy
========No Viruse Found========
* * * * * * * * MCAFEE.COM
Attached file:
Screen.scr
Description for W32/MyLife-E:
W32/MyLife-E is a Win32 worm which copies itself to the Windows system directory as Screen.scr and sets the following registry key to run the copy on restart:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
If Screen.scr is executed the worm displays the false error message "Error 1452544 File Not Found".
It then sends itself to addresses from the Outlook address book, using an email with the following characteristics:
Subject line:
sexxxyyy Screen Saver
or
New Screen Saver
Message body:
Hiii
How are youu!!?
look to the New Screen Saver it's vvvery verrrry ffffunny :-) :-)
i promise you will love it? ok
buyyyy
========No Viruse Found========
* * * * * * * * MCAFEE.COM
or
New Never Hood Buy
Attached file:
Screen.scr
Description for W32/MyLife-F:
W32/MyLife-F is a Win32 worm which copies itself to the Windows system directory as list480.txt.scr and sets the following registry key to run the copy on restart:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\sys
The worm displays a messagebox with the title "Error" and the text "Error Notepad.dll ##".
It then sends itself to addresses from the Outlook address book, using an email with the following characteristics:
Subject line:
the list
Message body:
Hiiiii
How are youuuuuuuu?
look to the notepad it's vvvery verrrry ffffunny :-) :-)
i promise you will love it :-)
Notepad = list
list = 37
buyyyy
========No Viruse Found========
* * * * * * * * MCAFEE.COM
--------------------------------------------------------
Attached file:
list480.txt.scr
Read the analysis at
http://www.sophos.com/virusinfo/analyses/w32mylifec.html