Advertisement
Promo

Security management Toolkit

Flawed MyLife worm attempts to delete critical Windows files

Robert Vamosi CNet

Published: 08 Mar 2002 17:44 GMT

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

A worm posing as an old-fashioned photograph of a girl holding a flower is making the rounds on the Internet. MyLife (w32.mylife@mm) is a 30,720-byte worm written in Visual Basic and compressed using UPX. If executed, the worm will attempt to mail copies of itself to everyone in the user's address book and will attempt to delete critical Windows files. Fortunately, a bug in the current worm code prevents MyLife from deleting any files. Users of Macintosh and Linux machines are not affected. Because MyLife spreads via email and currently does not damage system files, this worm rates a 4/10 on the ZDNet Virus Metre.

How it works
MyLife arrives as email with a subject line that reads "my life ohhhhhhhhhhhhh." The body of the email message contains the following text:

:Hiiiii
How are youuuuuuuu?
look to the digital picture it's my love
vvvery verrrry ffffunny :-)
my life = my car
my car = my house
The attached file is My Life.scr.

If the user opens the attached file, the worm will display a picture of a young girl sniffing a flower. The active worm will appear as the item My Life in the Windows Task Bar. MyLife copies itself to the Windows System directory and adds itself to the following Registry key:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\strmgr = C:\windows\system\My Life.scr.

The worm will attempt to delete SYS and COM files from the root directory; COM, SYS, INI, and EXE files from Windows directory; and SYS, VXD, EXE, and DLL files from the Windows System directory. Several antivirus vendors have reported that this worm did not delete any files on their test systems.

Prevention
Users of Microsoft Outlook 2002 and users of Outlook 2000 who have installed the Security Update should be safe from the attached SCR file in MyLife. Users who have not upgraded to Outlook 2002 or who have not installed the Security Update for Outlook 2000 should do so. In general, do not open attached files in e-mail without first saving them to hard disk and scanning them with updated antivirus software. Contact your antivirus vendor to obtain the most current antivirus signature files that include MyLife.

Removal
A few antivirus software companies have updated their signature files to include this worm. This will stop the infection upon contact and in some cases will remove an active infection from your system. For more information, see Central Command, F-Secure, McAfee, Sophos, Symantec and Trend Micro.

For all security-related news, including updates on the latest viruses, hacking exploits and patches, check out ZDNet UK's Viruses and Hacking News Section.

Have your say instantly, and see what others have said. Go to the Security forum.

Let the editors know what you think in the Mailroom.

  • Email
  • Trackback
  • Clip Link
  • Print friendlyPrint with EPSON

Did you find this article useful?


In association with HP

Talkback

Post a comment


Full Talkback thread

0 comments

Related Links

More In Security management


Related BlackBerry Resources

Protecting the BlackBerry Device Platform Against Malware

BlackBerry Devices with Bluetooth - Security Overview

BlackBerry Enterprise Server IT Policy

BlackBerry Enterprise Solution - Security Technical Overview

BlackBerry Enterprise Solution and RSA SecurID

CIO's Guide to Mobile Security

See All White Papers

Video icon

Video

Sentry Posts Blog

Official Organizations Losing Data

How does this article from earlier today make you feel? How many more government, health service, or military officials are going to lose pen drives, DVDs, USB hard disks and even entire... More

2 comments

Twitter hack was DNS redirect

Twitter has said an attack on Thursday which took the site offline for many users was the result of a DNS redirect. A group calling itself the Iranian Cyber Army redirected users... More

1 comment

McKinnon lawyers seek judicial review

Lawyers seeking a judicial review for Nasa hacker Gary McKinnon lodged fresh evidence of his psychiatric state at the High Court on Thursday. Karen Todner, McKinnon's solicitor,... More

1 comment

Win a Teufel Cinebar 50 system

Win a Teufel Cinebar 50 system

What is ZDNet UK's usual tagline?

Competition closes - 14 Jan 2010


Skip Sub Navigation Links to CNET Brand Links

Help

Become part of the ZDNet community.

ALL TOOLKITS

Blogs

Newsletters