W32/MyLife-J

Discussion in 'malware problems & news' started by FanJ, Apr 12, 2002.

Thread Status:
Not open for further replies.
  1. FanJ

    FanJ Guest

    Name: W32/MyLife-J
    Type: Win32 worm
    Date: 12 April 2002

    At the time of writing Sophos has received just one report of
    this worm from the wild.

    Description:

    W32/MyLife-J is a Win32 worm that copies itself to the Windows
    system folder as usa.scr and sh.scr and creates the following
    registry value so that the copy will be run on Windows startup:

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Scr

    When first executed the worm will check to see if the file
    usa.scr exists in the system directory. If the file does exist
    and the time is between 9 a.m. and 10 a.m. the worm will delete
    all files from drive C:.

    If the copy of the worm does not exist then a window will be
    displayed with the title "SHARON", containing a caricature of an
    ox along with the text "wE * sAy *iT's* oX * tHeY * sAy * mIlK *
    iT * !!". The worm then sends itself to addresses from the
    Outlook address book, using an email with the following
    characteristics:

    Subject line:
    sexyy Screen Saver

    Message text:
    hi
    look at the screen saver it's very funny
    bye

    Attachment:
    usa.scr


    Read the analysis at
    http://www.sophos.com/virusinfo/analyses/w32mylifej.html
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.