Thought I'd pass this along... A new "medium" risk virus/mass mailer is making the rounds, as being reported by most of the major virus systems.
W32/Myparty@MM or W32.Myparty@MM arrives in an email with an attachment (www.myparty.yahoo.com, size 29696 bytes) as follows...
- Subject: new photos from my party!
My party... It was absolutely amazing!
I have attached my web page with new photos!
If you can please make color prints of my photos. Thanks!
The virus copies itself to C:Recycledregctrl.exe (or c: if NT/2K/XP) and executes that file, which in turn sends a copy of itself to all addresses found in the Windows Address Book and other .DBX files.
The final act is to mail email@example.com, allowing the author to track how far his creation has spread.
It also drops a BackDoor trojan on NT/2K/XP systems. The BackDoor is in the form of MSSTASK.EXE, located in the start up folder of the current user, which when executed, attempts to connect to http://18.104.22.168/ and download the command file that operates the backdoor.
News source: Messagelabs - 28 Jan 2002 - Myparty - mass mailer