- January 26, 2002
- February 13, 2007 11:57:27 AM
Also Known As:
- W32/Myparty@MM [McAfee], WORM_MYPARTY.A [Trend], W32/MyParty-A [Sophos], Win32.MyParty [CA], I-Worm.Myparty [AVP]
- Trojan Horse, Worm
- Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP
W32.Myparty@mm is a mass-mailing email worm. This worm is capable of spreading itself only between January 25, 2002, and January 29, 2002. However, it remains active on infected computers after this period of time.
It has the following characteristics:
Subject: new photos from my party!
My party... It was absolutely amazing!
I have attached my web page with new photos!
If you can please make color prints of my photos. Thanks!
The worm sends email to all contacts in the Windows address book and to email addresses that it finds in the Outlook Express inboxes and folders. In addition, the worm sends a message to the author so that the author can track the worm.
On Windows NT/2000/XP-based computers, the worm drops a backdoor Trojan that allows a hacker to control the system. Norton AntiVirus detects this as Backdoor.Myparty.
Finally, if the file name of the worm is Access.<any extension>, it may launch the Web browser to http:/ /www.disney.com. However, the worm does not contain code which can generate a file with the name Access.<any extension>, so it is highly unlikely that this will trigger.
Antivirus Protection Dates
Initial Rapid Release version January 28, 2002
Latest Rapid Release version August 20, 2008 revision 017
Initial Daily Certified version January 28, 2002
Latest Daily Certified version August 20, 2008 revision 016
Initial Weekly Certified release date January 28, 2002
Click for a more detailed description of Rapid Release and Daily Certified virus definitions.
Wild Level: Low
Number of Infections: More than 1000
Number of Sites: More than 10
Geographical Distribution: High
Threat Containment: Easy
Writeup By: Douglas Knowles