Product Support Services - Moderate Security Alert - Virus: W32.Myparty@mm 


SEVERITY: MODERATE REACTIVE
DATE: 01/28/2002
PRODUCTS AFFECTED: Microsoft Outlook, Microsoft Outlook Express, other
programs that are used to read e-mail messages.

**********************************************************************

WHAT IS IT?

Backdoor-Trojan.

IMPACT OF ATTACK:
Mass Mailing, Backdoor Trojan

TECHNICAL DETAILS:
The e-mail message arrives with the following characteristics:

Subject: new photos from my party!
Body:
Hello!
My party... It was absolutely amazing!
I have attached my web page with new photos!
If you can please make color prints of my photos. Thanks!

Attachment name: "www.myparty.yahoo.com"

The worm sends e-mail messages to the addresses that are contained in the
Windows Address Book and in files with a .dbx file extension. Files with a
.dbx file extension are Outlook Express folders and inboxes.

The worm uses a self-contained SMTP engine to send out e-mail messages to
the SMTP server that is configured on the infected computer.

This virus drops a backdoor-Trojan virus that is named BackDoor-AAF if
the system date is in the following range:

25th - 29th January 2002 inclusive
Outside of this date range, no backdoor component is dropped.

If the backdoor successfully runs, it tries to connect to the following IP
address to download its command file: http://www.*-*-*.com/

Please contact your Antivirus Vendor for additional details on this virus.

PREVENTION:
Do not open attachments from untrusted or unknown sources. In Outlook 98
and Outlook 2000 Pre-SR1, use the Outlook E-mail Security Update.

RECOVERY:
If infected, please contact your antivirus vendor. NOTE: Systems that are
running Microsoft Windows NT, Microsoft Windows 2000, and Microsoft Windows
XP that were infected with the Backdoor-Trojan included with this virus will
require additional steps that are appropriate for a compromised computer.

RELATED KB'S: Q317235
(Will be available within 72 hours)
http://www.*-*-*.com/ ;EN-US;q317235

RELATED LINKS:
Symantec

Trendmicro
http://www.*-*-*.com/
Network Associates
http://www.*-*-*.com/

As always please make sure to use the latest Anti-Virus detection from your
Anti-Virus vendor to detect new viruses and their variants.

If you have any questions regarding this alert please contact your Microsoft
representative or 1-866-727-7338 (1-866-PCSafety) within the US, outside of
the US please contact your local Microsoft Subsidiary.

PSS Security Response Team

--
Regards,

Jerry Bryant - MCSE, MCDBA
Microsoft IT Communities

Get Secure! www.microsoft.com/security

This posting is provided "AS IS" with no warranties, and confers no rights.



Sat, 17 Jul 2004 03:55:02 GMT  
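
The message characteristics listed under TECHNICAL DETAILS can be turned into a mail-filter check. The following is an added example, not part of the original post or of any Microsoft tooling: it matches the quoted subject and attachment name, and also flags any attachment whose name ends in a suffix Windows runs as a program. The suffix list, the function names and the sample message are assumptions made for the illustration.

```python
from email import message_from_string

# Indicators quoted in the alert above.
ALERT_SUBJECT = "new photos from my party!"
ALERT_ATTACHMENT = "www.myparty.yahoo.com"
# Assumption, not from the alert: suffixes Windows runs as programs.
# The attachment name ends in ".com", so it looks like a URL but executes.
EXECUTABLE_SUFFIXES = (".com", ".exe", ".pif", ".scr", ".bat")


def check_message(raw):
    """Return the reasons a raw RFC 822 message is suspicious ([] if none)."""
    msg = message_from_string(raw)
    reasons = []
    if (msg.get("Subject") or "").strip().lower() == ALERT_SUBJECT:
        reasons.append("subject matches alert")
    for part in msg.walk():
        name = (part.get_filename() or "").strip().lower()
        if name == ALERT_ATTACHMENT:
            reasons.append("attachment name matches alert")
        elif name.endswith(EXECUTABLE_SUFFIXES):
            reasons.append("executable attachment: " + name)
    return reasons


def build_sample(subject, filename):
    """Constructed test message; the attachment body is inert text."""
    return "\n".join([
        "From: sender@example.test",
        "Subject: " + subject,
        "MIME-Version: 1.0",
        'Content-Type: multipart/mixed; boundary="b1"',
        "",
        "--b1",
        "Content-Type: text/plain",
        "",
        "Hello!",
        "--b1",
        "Content-Type: application/octet-stream",
        'Content-Disposition: attachment; filename="%s"' % filename,
        "",
        "inert placeholder",
        "--b1--",
        "",
    ])


if __name__ == "__main__":
    print(check_message(build_sample("new photos from my party!",
                                     "www.myparty.yahoo.com")))
```

The suffix check is the part that generalizes: it catches renamed variants that keep an executable extension even when the subject line and attachment name differ from the ones in this alert.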
 