re: yesterday's virus alert

From:Carrie Kyle-Byrne

just thought i'd let everyone in on the info we were told about the "my
party" virus that snuck by on the histonet yesterday.  here's what was
posted on our internal website:

Please note that there is a new virus (trojan) out.
When the W32/Myparty@MM virus executable is executed on Windows NT machines,
(Windows NT, 2000 or XP) this backdoor is dropped to the startup folder
within the profile of the current user, MSSTASK.EXE: %userprofile%\Start
Menu\Programs\Startup\msstask.exe.  This ensures the backdoor is executed
upon system startup, at which point it goes memory resident, and the machine
is rendered vulnerable.
NB: W32/Myparty@MM only massmails itself and drops the backdoor component if
the system date is within the following range:
25th - 29th January 2002 inclusive
Outside of this date range, no backdoor component is dropped.
MSSTASK.EXE is compressed with UPX, and is 6,144 bytes in length (unpacked
the file is 152,064 bytes).
Once running, the backdoor tries to connect to the following IP address: in order to download the command file that operates
the backdoor.
A second W32/Myparty@MM variant which only operates between 20th-24th
January 2002 (hence will not replicate on machines with correctly set date
now) drops an identical backdoor component to that described above. The only
difference is the date range in which the backdoor is dropped.
it looks like the danger is now past.....given that the date is now 01.30.02
hope noone out there got hit.

Carrie Kyle-Byrne, BHS, HT(ASCP)
Assoc. Research Scientist II
Molecular Target Research

Exelixis, Inc.
170 Harbor Way
P.O. Box 511
South San Francisco
CA 94083-0511 USA

Phone: (1 650) 837-8023
Fax: (1 650) 837-7240

This email message is for the sole use of the intended recipient(s) and may
confidential and privileged information.  Any unauthorized review, use,
or distribution is prohibited.  If you are not the intended recipient,
please contact
the sender by reply email and destroy all copies of the original message.

<< Previous Message | Next Message >>