Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Threats » W32/MyLife.I@mm

Overview

Threat Risk LOW LOW
Destructivity MEDIUM MEDIUM
Payload File destruction
Detection files published 12 Apr 2002 03:00:00
Description created 11 Apr 2002 03:00:00
Description updated 12 Apr 2002 05:13:00
Malware type WORM
Alias
Spreading mechanism EMAIL
Summary None

W32/MyLife.I@mm

Spreading

This worm spreads to all users in the Outlook address book and to addresses in the MSN Messenger contact list.

When run, it will display a small caricature:


(Image not available)


It will add the following registry key so as to be able to start from bootup:


HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\OX = %SystemDir%\Ox&Wife.scr

It is worth noting that this worm also always sends a copy of itself to another static address. In this case the mail will have the following characteristics:


Subject: Digital Picture -->OX
Body:
hi all,
look to the 3D Picture it's very sad
it's OX

Attachment: ox&Wife.scr

Payload Details

The payload triggers when the worm is started from Registry - i.e. at next bootup. It will then overwrite and truncate all non-locked files on the Windows directories to one byte size.

Analysis

n/a

Removal

n/a


Last Updated: 12 Nov 2015 11:06:11