Another New One

This is a copy & paste of an e-mail from RoadRunner ( My ISP )

----------------------------------------------------------------------

Evening All,
Just got a letter from one of our subs at the same time I was writing out this email warning. Nice to see others on the look out. Nice catch Don. Now on to the Bug du jour...W32.MyLife.F

W32.MyLife.F@mm is a mass-mailing worm that emails itself to all email addresses in the Microsoft Outlook address book and the MSN Messenger contact list. It arrives as the attachment List480.TXT.scr.

Depending on the system time, it may format drives and delete files.

Damage:

Payload Trigger: System time minutes greater than or equal to 50 and the worm has been run on the system at least once already.
Payload: Format drives D, E, F, G, H and I
Deletes files: All files on the C drive
Causes system instability: The system may not function properly anymore after the payload has executed.
Distribution:

Subject of email: the list
Name of attachment: List480.TXT.scr
Size of attachment: 7,680 bytes

Technical description:

When the worm is run, it does the following:

It first copies itself to %SYSTEM%\List480.TXT.scr.

NOTE: %System% is a variable. The worm locates the \Windows\System folder (by default this is C:\Windows\System or C:\Winnt\System32) and copies itself to that location.

Next, it adds the value

sys %SYSTEM%\List480.TXT.scr

to the registry key

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

so that the worm is executed each time that you start Windows.

Displayed message
To make you think that the List480.TXT.scr file did not work properly, the worm displays a message that has the following characteristics:

Title: Error
Text: Error Notepad.dll ##

Propagation
This worm spreads by using Microsoft Outlook to email itself to all addresses in the Microsoft Outlook address book and the MSN Messenger contact list. The message has the following characteristics:

Subject: the list
Message:
Hiiiii
How are youuuuuuuu?
look to the notepad it's vvvery verrrry ffffunny
i promise you will love it
Notepad = list
list = 37
buyyyy

========No Viruse Found========
MCAFEE.COM
--------------------------------------------------------

Attachment: List480.TXT.scr

Payload
If the system time is greater than or equal to 50 minutes, the worm displays a message that has the following characteristics:

Title: LoOoOoL
Text: My Life.C

The worm attempts to delete all files on drive C, as well as to format drives D, E, F, G, H, and I.

---------------------------------------------------------

Looks like this one could be pretty nasty. As usual, the best defense is to have and maintain an up to date anti-virus program. Also, you just can't own the program and have it work. That's like having a cow and expecting milk to be in your frig without helping bossy out. You got to make sure it has the latest virus definitions in it. Then, just having the program up to date don't help unless you run a scan on a regular basis. Once a week would be a good start. Having a anti virus program that scans your email on the way in is, a pretty good thing too.

Now for those of us using Macintosh. I am unaware if this has any effect on those systems. I haven't read anything about that so that makes me think that it shouldn't bother the Apple types among us. Now having said that I also think, if it was me with a Mac, I would look further into this issue.

 

If those buttheads HAD a life, there'd be far fewer of these annoying things.