MyLife worm tries to delete Windows files

Fortunately, a bug in the malicious code prevents it from working as intended.

A worm posing as an old-fashioned photograph of a girl holding a flower is making the rounds on the Internet. MyLife (w32.mylife@mm) is a 30,720-byte worm written in Visual Basic and compressed using UPX. If executed, the worm will attempt to mail copies of itself to everyone in the user's address book and will attempt to delete critical Windows files. Fortunately, a bug in the current worm code prevents MyLife from deleting any files. Users of Macintosh and Linux machines are not affected. Because MyLife spreads via e-mail and currently does not damage system files, this worm rates a 4 on the ZDNet Virus Meter.

How it works

MyLife arrives as e-mail with a subject line that reads "my life ohhhhhhhhhhhhh." The body of the e-mail message contains the following text:

:Hiiiii

How are youuuuuuuu? look to the digital picture it's my love vvvery verrrry ffffunny :-) my life = my car my car = my house

The attached file is My Life.scr.

If the user opens the attached file, the worm will display a picture of a young girl sniffing a flower. The active worm will appear as the item My Life in the Windows Task Bar. MyLife copies itself to the Windows System directory and adds itself to the following Registry key:

HKCUSoftwareMicrosoftWindowsCurrentVersionRunstrmgr = C:windowssystemMy Life.scr.

The worm will attempt to delete SYS and COM files from the root directory; COM, SYS, INI, and EXE files from Windows directory; and SYS, VXD, EXE, and DLL files from the Windows System directory. Several antivirus vendors have reported that this worm did not delete any files on their test systems.

News source: ZDNet News

View: The Full Story

View: Virus Info - w32.mylife@mm

Report a problem with article
Previous Story

Microsoft issues correction regarding Japanese Xbox recall

Next Story

Sun files antritrust suit against Microsoft

-1 Comments - Add comment

Advertisement