The Computer Virus Information has been forwarded to me by NRC's Computer
> Security Specialists. I'm forwarding it for your information as this worm
> may impact your information infrastructure or on home computers.
> NRC has been informed of a virus-worm which spreads via the Internet
> attached to infected email. It is named Myparty and several infections by
> this malicious code have already been reported. NRC is aware of five NRC
> employees who received the tainted e-mail on Monday. If you receive an
> e-mail as described below, please delete it from your Mailbox and Trash
> folders without opening it.
> Infected messages will appear as follows:
> Subject: new photos from my party!
> Body: Hello!
> My party... It was absolutely amazing!
> I have attached my web page with new photos!
> If you can please make color prints of my photos. Thanks!
> Attachment: >
> (A variant named WORM_MYPARTY.B has an attachment named
> "myparty.photos.yahoo.com."
> As is apparent, the virus carrying e-mail attachment purposely poses as a
> Website address. Though the receiving user may think they are going to
> photos on a web page, a malicious program is actually being activated. This
> method of delivery is new though the virus itself is similar to many other
> Internet worms. One anti-virus expert stated "This occurrence once again
> confirms that not everything beginning with 'www' and ending in '.com' is a
> Web site."
> When the receiving system's date is between January 25-29 of 2002, the worm
> can be activated from the infected e-mail. It executes when a user double
> clicks on the attached file which installs it into the victim's system and
> runs a spreading routine. This virus creates copies of itself in different
> disk directories (BKDR_MYPARTY.A) which it records in the Windows start up.
> Next, it scans the Windows Address Book and Outlook Express databases and
> sends out copies of itself by establishing a direct connection with a remote
> SMTP server. In addition, Myparty may open the Web
> site and then report its infection success by sending a blank e-mail to
> napster@gala.net. An interesting attribute is that this virus will
> ascertain whether the receiving machine has a Russian keyboard. If so, it
> will simply exit the system without doing any harm. The worm will also exit
> the system if users are running Windows 9x/ME.
> Myparty has some dangerous side effects, as well. On computers using
> Windows NT/2000/XP, the worm installs a spy program for remote unauthorized
> control. In this way, a malefactor can gain total control over a victim's
> computer.
> For questions and concerns about this issue you should contact your IT/IM
> security manager.
> Security Specialists. I'm forwarding it for your information as this worm
> may impact your information infrastructure or on home computers.
> NRC has been informed of a virus-worm which spreads via the Internet
> attached to infected email. It is named Myparty and several infections by
> this malicious code have already been reported. NRC is aware of five NRC
> employees who received the tainted e-mail on Monday. If you receive an
> e-mail as described below, please delete it from your Mailbox and Trash
> folders without opening it.
> Infected messages will appear as follows:
> Subject: new photos from my party!
> Body: Hello!
> My party... It was absolutely amazing!
> I have attached my web page with new photos!
> If you can please make color prints of my photos. Thanks!
> Attachment: >
> (A variant named WORM_MYPARTY.B has an attachment named
> "myparty.photos.yahoo.com."
> As is apparent, the virus carrying e-mail attachment purposely poses as a
> Website address. Though the receiving user may think they are going to
> photos on a web page, a malicious program is actually being activated. This
> method of delivery is new though the virus itself is similar to many other
> Internet worms. One anti-virus expert stated "This occurrence once again
> confirms that not everything beginning with 'www' and ending in '.com' is a
> Web site."
> When the receiving system's date is between January 25-29 of 2002, the worm
> can be activated from the infected e-mail. It executes when a user double
> clicks on the attached file which installs it into the victim's system and
> runs a spreading routine. This virus creates copies of itself in different
> disk directories (BKDR_MYPARTY.A) which it records in the Windows start up.
> Next, it scans the Windows Address Book and Outlook Express databases and
> sends out copies of itself by establishing a direct connection with a remote
> SMTP server. In addition, Myparty may open the Web
> site and then report its infection success by sending a blank e-mail to
> napster@gala.net. An interesting attribute is that this virus will
> ascertain whether the receiving machine has a Russian keyboard. If so, it
> will simply exit the system without doing any harm. The worm will also exit
> the system if users are running Windows 9x/ME.
> Myparty has some dangerous side effects, as well. On computers using
> Windows NT/2000/XP, the worm installs a spy program for remote unauthorized
> control. In this way, a malefactor can gain total control over a victim's
> computer.
> For questions and concerns about this issue you should contact your IT/IM
> security manager.