Discussion in 'malware problems & news' started by FanJ, Apr 12, 2002.

Thread Status:
Not open for further replies.
  1. FanJ

    FanJ Guest

    Name: W32/MyLife-J
    Type: Win32 worm
    Date: 12 April 2002

    At the time of writing Sophos has received just one report of
    this worm from the wild.


    W32/MyLife-J is a Win32 worm that copies itself to the Windows
    system folder as usa.scr and sh.scr and creates the following
    registry value so that the copy will be run on Windows startup:


    When first executed the worm will check to see if the file
    usa.scr exists in the system directory. If the file does exist
    and the time is between 9 a.m. and 10 a.m. the worm will delete
    all files from drive C:.

    If the copy of the worm does not exist then a window will be
    displayed with the title "SHARON", containing a caricature of an
    ox along with the text "wE * sAy *iT's* oX * tHeY * sAy * mIlK *
    iT * !!". The worm then sends itself to addresses from the
    Outlook address book, using an email with the following

    Subject line:
    sexyy Screen Saver

    Message text:
    look at the screen saver it's very funny


    Read the analysis at
Thread Status:
Not open for further replies.