Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Threats » W32/MyLife.I@mm


Threat Risk LOW LOW
Destructivity MEDIUM MEDIUM
Payload File destruction
Detection files published 12 Apr 2002 03:00:00
Description created 11 Apr 2002 03:00:00
Description updated 12 Apr 2002 05:13:00
Malware type WORM
Spreading mechanism EMAIL
Summary None



This worm spreads to all users in the Outlook address book and to addresses in the MSN Messenger contact list.

When run, it will display a small caricature:

(Image not available)

It will add the following registry key so as to be able to start from bootup:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\OX = %SystemDir%\Ox&Wife.scr

It is worth noting that this worm also always sends a copy of itself to another static address. In this case the mail will have the following characteristics:

Subject: Digital Picture -->OX
hi all,
look to the 3D Picture it's very sad
it's OX

Attachment: ox&Wife.scr

Payload Details

The payload triggers when the worm is started from Registry - i.e. at next bootup. It will then overwrite and truncate all non-locked files on the Windows directories to one byte size.





Last Updated: 12 Nov 2015 11:06:11