Free Republic

Deadly New Virus Being Spread by E-Mail
Computer Associates | 4/13/2002 | Staff

Posted on 04/13/2002 8:02:40 AM PDT by ex-Texan

Win32/myLife.J.Worm

This is an e-mail worm which spreads using Microsoft Outlook.

Subject: sexyy Screen Saver

Body: hi look to the screen saver it's very funny bye

Attachment: USA.scr

When run, the worm immediately displays a small picture in a window with the title "SHARON", similar to Win32.MyLife.G.

Meanwhile, it copies itself to the system directory as "USA.scr" and "sh.scr" and adds the following registry value so it will be run each time Windows starts:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\scr="%System%\sh.scr"

The worm spreads in a similar way to other Win32.Mylife variants. It sends itself out using Microsoft Outlook to all addresses in the Outlook address book and the Microsoft Messenger contact list.

It also sends an email message to a hardcoded address with the

Subject: funny Screen Saver

Body: hi all, look to the 3D screen saver it's very funny bye

Attachment: sh.scr

The eTrust InoculateIT signature updates listed below contain detection and system cure for Win32/MyLife.J.

To cure an infected system, all files being detected as Win32/MyLife.J must be deleted. This can either be done manually or by setting eTrust InoculateIT to delete infected files.


TOPICS: Announcements; Crime/Corruption; Culture/Society; Technical
KEYWORDS: newtrojanorworm; newvirus

1 posted on 04/13/2002 8:02:40 AM PDT by ex-Texan
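The persistence described in the advisory above can be checked from the text output of `reg query HKCU\Software\Microsoft\Windows\CurrentVersion\Run`. This is an added example, not code from Computer Associates or the poster; the sample output, the `C:\WINDOWS\system32` path and the function names are constructed for illustration, and the check goes one step beyond the advisory by flagging any screen saver set to autostart.

```python
import ntpath
import re

# Indicators from the advisory quoted in the post: Run value "scr" -> sh.scr
MYLIFE_J_VALUE, MYLIFE_J_FILE = "scr", "sh.scr"

# A value line printed by `reg query`: indent, name, type, data.
VALUE_LINE = re.compile(r"^[ \t]+(?P<name>.+?)[ \t]+(?P<type>REG_\w+)[ \t]+(?P<data>.*)$")
# First path-like token that ends in a 2-4 character extension.
TARGET = re.compile(r'"?([^"]+?\.[A-Za-z0-9]{2,4})(?=["\s]|$)')

# Constructed sample output, not captured from a real machine.
SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    ctfmon.exe    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
    scr    REG_SZ    C:\WINDOWS\system32\sh.scr
    Updater    REG_SZ    "C:\Program Files\Tool\fun.scr" /s
"""

def parse_run_values(text):
    """Yield (value name, data) for each value line in `reg query` output."""
    for line in text.splitlines():
        m = VALUE_LINE.match(line)
        if m:
            yield m.group("name"), m.group("data").strip()

def check_run_key(text):
    """Return (name, path, reason) for Run values that launch a .scr file."""
    findings = []
    for name, data in parse_run_values(text):
        m = TARGET.search(data)
        path = m.group(1) if m else data  # drop quotes and arguments
        base = ntpath.basename(path).lower()
        if name.lower() == MYLIFE_J_VALUE and base == MYLIFE_J_FILE:
            findings.append((name, path, "matches Win32/MyLife.J advisory"))
        elif base.endswith(".scr"):
            findings.append((name, path, "screen saver set to autostart"))
    return findings

if __name__ == "__main__":
    for finding in check_run_key(SAMPLE):
        print(finding)
```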

To: ex-Texan
This is a good rule to remember:

Never open an unsolicited attachment with any of the following file types:
.EXE, .COM, .BAT, .PIF, .LNK, .VBS, .VBE, .REG, .CMD, or .SCR

Following this rule will eliminate the risk of virtually all email-borne worms.

2 posted on 04/13/2002 8:11:33 AM PDT by MikeJ

To: ex-Texan
Sharon and USA. I wonder who invented this virus?
3 posted on 04/13/2002 8:13:06 AM PDT by I still care

To: MikeJ
Never open an unsolicited attachment with any of the following file types: .EXE, .COM, .BAT, .PIF, .LNK, .VBS, .VBE, .REG, .CMD, or .SCR

Additionally, I would suggest ensuring that file extensions are set to display (so a file FOO.TXT.EXE doesn't simply appear as FOO.TXT), and would recommend using Wordpad to open .doc files (it usually produces okay-looking results, but can't run any imbedded macros).

4 posted on 04/13/2002 8:32:04 AM PDT by supercat
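The extension rule from comment 2 and the hidden-extension point from comment 4 can be enforced at a mail gateway or in a mailbox audit script. This is an added example, not code from either poster; the sample message is constructed from the subject and attachment name in the advisory, and `risky_attachments` and `build_sample` are hypothetical names.

```python
import ntpath
from email import message_from_string
from email.message import EmailMessage

# The file types listed in comment 2.
BLOCKED = {".exe", ".com", ".bat", ".pif", ".lnk",
           ".vbs", ".vbe", ".reg", ".cmd", ".scr"}

def risky_attachments(raw_message):
    """Return [(filename, reason)] for attachments that break the rule."""
    hits = []
    for part in message_from_string(raw_message).walk():
        name = part.get_filename()
        if not name:
            continue  # body part, not an attachment
        # Windows ignores trailing dots and spaces, so strip them first.
        clean = ntpath.basename(name).rstrip(". ").lower()
        stem, ext = ntpath.splitext(clean)
        if ext not in BLOCKED:
            continue
        inner = ntpath.splitext(stem)[1]
        if inner:
            # FOO.TXT.EXE shows as FOO.TXT when extensions are hidden.
            hits.append((name, f"double extension hides {ext} behind {inner}"))
        else:
            hits.append((name, f"blocked type {ext}"))
    return hits

def build_sample():
    """Constructed message; the attachments hold harmless placeholder bytes."""
    msg = EmailMessage()
    msg["Subject"] = "sexyy Screen Saver"
    msg.set_content("hi look to the screen saver it's very funny bye")
    for filename in ("USA.scr", "FOO.TXT.EXE", "notes.txt"):
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=filename)
    return msg.as_string()

if __name__ == "__main__":
    for hit in risky_attachments(build_sample()):
        print(hit)
```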

To: ex-Texan
Can anyone point me to a Windows forum that might be able to help me?

I have got a font glitch that appeared this week that has me stumped.

Also, when I try to log onto raginbull.com, I get an internal server error, even though I can log on through Netscape. (I've dumped my temp files and cookies.)

5 posted on 04/13/2002 9:20:41 AM PDT by Nephi

To: Nephi
'raginbull' is now:

http://ragingbull.lycos.com/cgi-bin/static.cgi/a=index.txt&d=mainpages

I have no answers about a Windows forum but you might try searching around at www.msn.com ...

6 posted on 04/13/2002 9:29:26 AM PDT by ex-Texan

To: Nephi
Point your newsreader to MS's support newsgroups and try the appropriate group over there. It's chock full of support goodness ;)

Their NNTP server is msnews.microsoft.com, and if you don't have an NNTP reader, I think they're also carried by Google, IIRC.

7 posted on 04/13/2002 9:42:34 AM PDT by general_re

Comment #8 Removed by Moderator

Turn off Windows scripting, don't use Outlook. Tell your granny.
9 posted on 04/13/2002 9:58:11 AM PDT by D-fendr

To: D-fendr
How does one turn off Windows scripting? Please advise. I'm with ya on the Outlook thing - it's a target for hackers looking to "get even" with Bill Gates :-).
10 posted on 04/13/2002 10:00:27 AM PDT by NotJustAnotherPrettyFace

To: toddhisattva
LOL - you're probably right.
11 posted on 04/13/2002 10:01:00 AM PDT by NotJustAnotherPrettyFace

To: NotJustAnotherPrettyFace
How to turn off Windows Scripting
12 posted on 04/13/2002 10:06:23 AM PDT by D-fendr

To: ex-Texan
This is an e-mail worm which spreads using Microsoft Outlook...

It sends itself out using Microsoft Outlook to all addresses in the Outlook address book and the Microsoft Messenger contact list.

So what else is new? Perhaps someday there will be a class action lawsuit against Mr. Gates & Co. for the bajillions of dollars and hours of productivity lost because of their unbelievably insecure software.

In the meantime, a couple of solutions to this problem:
1. Don't use Microsoft Outlook or Microsoft Outlook Express. There are plenty of other excellent email programs out there and most are free.
2. If you MUST use Outlook, make sure you have anti-virus software installed. Update your virus definitions on a regular (i.e. weekly) basis. Get and install a copy of ZoneAlarm, a personal firewall. It's free and excellent.

Actually, everyone should be running anti-virus and firewall software. If they were, the spread of viruses would be nil. And ZoneAlarm will prevent the various 'phone-home' software applications from communicating with their mothership.

13 posted on 04/13/2002 11:38:55 AM PDT by upchuck

To: Nephi
"I have got a font glitch that appeared this week that has me stumped. "

Is it one where everything looks ok, then just "dissolves" into gibberish? I had that problem a few years ago. I cured it with a little gem from Microsoft called "Tweak UI"

Go find it and grab it. It adds an icon to your control panel with lots of nice little things it will let you do. One of the added features is "Rebuild Fonts".

14 posted on 04/13/2002 12:04:34 PM PDT by Bill Rice

To: Bill Rice
Thanks for your help.

Oh and, as for my glitch, it affects only portions of the fonts on certain web pages and even when using Windows Explorer. For instance, when I open My Documents, the "My Documents" which is displayed with sky background appears to be an extreme "data" type font. This same font appears only on portions of some web pages - my Ameritrade account for instance.

15 posted on 04/13/2002 1:30:34 PM PDT by Nephi

Comment #16 Removed by Moderator

To: Conservative_Dr.Pepper_Drinker
Thousands perhaps but all the fatalities are 'puters ...
17 posted on 04/13/2002 10:14:54 PM PDT by ex-Texan

Comment #18 Removed by Moderator

To: matamoros
I've made it clear to all my friends that I never open attachments. If the message doesn't come up on my screen I don't see it because I refuse to open them. Besides what makes anyone think I would ever open an e-mail with sexy in the title?
19 posted on 04/14/2002 10:35:51 AM PDT by WVNan

To: MikeJ
Even better, DON'T USE OUTLOOK!
20 posted on 04/14/2002 5:37:33 PM PDT by JAWs

