Re: yesterday's virus alert

From: Jan Shivers

It appeared in my Inbox this morning, so people should continue to be alert
to this virus for the time being.

Jan

----- Original Message -----
From: "Carrie Kyle-Byrne" 
To: "'HistoNet@Pathology.swmed.edu'" 
Sent: Wednesday, January 30, 2002 10:31 AM
Subject: re: yesterday's virus alert


> just thought i'd let everyone in on the info we were told about the "my
> party" virus that snuck by on the histonet yesterday.  here's what was
> posted on our internal website:
>
> Please note that there is a new virus (trojan) out.
> http://vil.mcafee.com/dispVirus.asp?virus_k=99333&
> ----------------------------------------------------------------------------
> When the W32/Myparty@MM virus executable is executed on Windows NT machines,
> (Windows NT, 2000 or XP) this backdoor is dropped to the startup folder
> within the profile of the current user, MSSTASK.EXE:
> %userprofile%\Start Menu\Programs\Startup\msstask.exe.  This ensures the
> backdoor is executed upon system startup, at which point it goes memory
> resident, and the machine is rendered vulnerable.
> NB: W32/Myparty@MM only massmails itself and drops the backdoor component if
> the system date is within the following range:
> 25th - 29th January 2002 inclusive
> Outside of this date range, no backdoor component is dropped.
> MSSTASK.EXE is compressed with UPX, and is 6,144 bytes in length (unpacked
> the file is 152,064 bytes).
> Once running, the backdoor tries to connect to the following IP address:
> http://209.151.250.170/ in order to download the command file that operates
> the backdoor.
> A second W32/Myparty@MM variant which only operates between 20th-24th
> January 2002 (hence will not replicate on machines with correctly set date
> now) drops an identical backdoor component to that described above. The only
> difference is the date range in which the backdoor is dropped.
> ----------------------------------------------------------------------------
> it looks like the danger is now past.....given that the date is now 01.30.02
> (mm.dd.yy).
> hope no one out there got hit.
> clkb
>
>
> Carrie Kyle-Byrne, BHS, HT(ASCP)
> Assoc. Research Scientist II
> Molecular Target Research
>
> Exelixis, Inc.
> 170 Harbor Way
> P.O. Box 511
> South San Francisco
> CA 94083-0511 USA
>
> Phone: (1 650) 837-8023
> Fax: (1 650) 837-7240
> Email: ckbyrne@exelixis.com
>
> ________________________________________________________________
> This email message is for the sole use of the intended recipient(s) and may
> contain confidential and privileged information.  Any unauthorized review,
> use, disclosure or distribution is prohibited.  If you are not the intended
> recipient, please contact the sender by reply email and destroy all copies
> of the original message.
>
>
>
>
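
A defender's check for the persistence artifact described in the quoted advisory, added here as an example and not part of either message or of the vendor write-up: it walks a directory of user profiles and reports any Startup-folder msstask.exe, noting whether it matches the 6,144-byte packed size and carries UPX markers. The function names and the UPX marker list are assumptions of this example.

```python
import sys
from pathlib import Path

# Values taken from the quoted advisory.
DROPPED_NAME = "msstask.exe"
STARTUP_PARTS = ("Start Menu", "Programs", "Startup")
PACKED_SIZE = 6144  # bytes, UPX-packed

# Assumption of this example: byte strings a UPX-packed PE normally contains.
UPX_MARKERS = (b"UPX0", b"UPX1", b"UPX!")


def check_profile(profile):
    """Return a finding dict if the profile's Startup folder holds msstask.exe."""
    startup = Path(profile).joinpath(*STARTUP_PARTS)
    if not startup.is_dir():
        return None
    for entry in startup.iterdir():
        # Windows file names are case-insensitive, so compare lowercased.
        if entry.is_file() and entry.name.lower() == DROPPED_NAME:
            data = entry.read_bytes()
            return {
                "path": entry,
                "size": len(data),
                "size_matches": len(data) == PACKED_SIZE,
                "is_pe": data[:2] == b"MZ",
                "upx_markers": any(m in data for m in UPX_MARKERS),
            }
    return None


def scan_profiles(root):
    """Check every profile directory under root, in profile-name order."""
    findings = []
    for profile in sorted(p for p in Path(root).iterdir() if p.is_dir()):
        hit = check_profile(profile)
        if hit is not None:
            findings.append(hit)
    return findings


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: scan_startup.py <profiles-root>")
    for f in scan_profiles(sys.argv[1]):
        exact = f["size_matches"] and f["is_pe"] and f["upx_markers"]
        label = "matches advisory" if exact else "same name, differs from advisory"
        print(f"{f['path']} ({f['size']} bytes): {label}")
```

A file with the same name but a different size or no UPX markers is still reported, since any unexpected executable in a Startup folder deserves a look.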




