VICUG-L Archives

Visually Impaired Computer Users' Group List

VICUG-L@LISTSERV.ICORS.ORG

Sender: "VICUG-L: Visually Impaired Computer Users' Group List" <[log in to unmask]>
X-To: ACB List <[log in to unmask]>
Date: Mon, 28 Jan 2002 15:53:06 -0500
Reply-To: Christopher McMillan <[log in to unmask]>
Subject:
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="US-ASCII"
From: Christopher McMillan <[log in to unmask]>
Parts/Attachments: text/plain (54 lines)

Good Afternoon:

New Virus that has hit most of the blind list serves.

Virus Profile

Virus Name: W32/Myparty.a@MM
Risk Assessment: Medium

Virus Information:
Date Discovered: 1/27/2002
Date Added: 1/27/2002
Origin: Russia
Virus Characteristics:

Due to the number of samples AVERT received Sunday night, an EXTRA.DAT
has been posted. AVERT continues to monitor the prevalence of this
threat.
This mass-mailing worm drops a BackDoor trojan (BackDoor-AAF) on
Windows NT/2K/XP systems. The worm itself carries no destructive payloads.
It arrives in an email message containing the following information:

Subject: new photos from my party!
Body: Hello!

My party... It was absolutely amazing!
I have attached my web page with new photos!
If you can please make color prints of my photos. Thanks!

Attachment: www.myparty.yahoo.com (29,696 byte PE file)

The attachment name may trick some users into thinking that if they
click on the file, they will be taken to a Yahoo website. This
attachment is an executable file with a .COM extension, not a URL.
Running the attachment infects the local machine. The virus copies
itself to C:\Recycled\regctrl.exe and executes that file. The user's
default SMTP server is retrieved from the registry:
HKEY_CURRENT_USER\Software\Microsoft\Internet Account Manager\Accounts\00000001
The virus uses this SMTP server to send itself out to all addresses
found in the Windows Address Book and addresses found within .DBX files.

This virus only attempts to mass-mail itself on January 25, 26, 27, 28 or
29, 2002.


VICUG-L is the Visually Impaired Computer User Group List.
To join or leave the list, send a message to
[log in to unmask]  In the body of the message, simply type
"subscribe vicug-l" or "unsubscribe vicug-l" without the quotations.
 VICUG-L is archived on the World Wide Web at
http://maelstrom.stjohns.edu/archives/vicug-l.html
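
Added example (not part of the original message or of the AVERT profile): a mail-filter check for the trick described above, an attachment whose name reads like a web address but ends in an executable extension and begins with the "MZ" DOS/PE signature. The function names, the extension list and the sample message are assumptions constructed for this illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions Windows runs directly (illustrative subset chosen for this example).
EXEC_EXTS = {"com", "exe", "pif", "scr", "bat", "cmd"}

def looks_like_web_address(name):
    """True for names shaped like www.example.com: 3+ non-empty labels, first is www."""
    labels = name.lower().split(".")
    return len(labels) >= 3 and labels[0] == "www" and all(labels)

def inspect_attachments(raw):
    """Return [(filename, [reasons])] for attachments that deserve quarantine."""
    findings = []
    msg = message_from_bytes(raw, policy=policy.default)
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
        reasons = []
        if ext in EXEC_EXTS:
            reasons.append("executable extension ." + ext)
            if looks_like_web_address(name):
                reasons.append("file name imitates a web address")
        if data[:2] == b"MZ":
            reasons.append("content starts with MZ (DOS/PE header)")
        if reasons:
            findings.append((name, reasons))
    return findings

def build_sample():
    """Constructed test message: harmless stand-in bytes, not the real worm."""
    msg = EmailMessage()
    msg["Subject"] = "new photos from my party!"
    msg.set_content("Hello!\n")
    msg.add_attachment(b"MZ" + b"\x00" * 62, maintype="application",
                       subtype="octet-stream", filename="www.myparty.yahoo.com")
    msg.add_attachment(b"GIF89a" + b"\x00" * 20, maintype="image",
                       subtype="gif", filename="party.gif")
    return msg.as_bytes()

if __name__ == "__main__":
    for name, reasons in inspect_attachments(build_sample()):
        print(name, "->", "; ".join(reasons))
```

The content check matters on its own: a renamed copy of the same file would still start with "MZ" even if the extension test missed it.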

