SAN JOSE, Jan 28, 2002 (BUSINESS WIRE) -- F-Secure Corporation (HEX:FSC) is
warning computer users about a new worm, known as W32/Myparty, which spreads as
an e-mail attachment, and it uses a novel filename to trick people into clicking
it.
There are two new significant features in this worm. "The real trick here is
that end users have no idea that .COM is not just part of web addresses, it's
also an executable file extension", said Mikko Hypponen, Manager of Anti-Virus
Research at F-Secure. "This worm sends an attachment file called
WWW.MYPARTY.YAHOO.COM, and people will assume it's a link to a website and click
on it - actually executing the worm program instead".
Second, the worm was created in Russia and it will not infect computers in
Russia at all. It had been programmed to spread only between January 25 and 29.
It means that after Wednesday the worm will not spread at all.
The worm was spotted in Singapore on Monday, January 28 and it continues to
spread towards West as business hours go by. Unlike e-mail worms such as
Badtrans or Nimda, which were able to start by just reading the e-mail, Myparty
requires the user to click on the attachment. Myparty will only work under
Windows NT, Windows 2000 or Windows XP.
F-Secure Anti-Virus detects the Myparty worm.
.COM files are executable files which were widely used before .EXE format
executable files were introduced in MS-DOS 2.0 in 1983. COM files are still
supported even by the latest versions of Windows.
"As users very rarely e-mail COM format executables to each other, system
administrators can easily defend against attacks of this type by filtering all
e-mail attachments with an extension of .COM at firewall or e-mail gateway",
commented Hypponen.
The e-mails sent by the worm look like this:
Subject:new photos from my party
Body: Hello! My party... It was absolutely amazing! I have attached my web page
with new photos! If you can please make color prints of my photos. Thanks!
Attachment: www.myparty.yahoo.com
The attachment resembles a web link in many email clients. Screenshots of the
attachment shown under various e-mail programs are available at:
f-secure.com |
