Home / malware Win32.MyLife.J@mm
First posted on 21 November 2011.
Source: BitDefenderAliases :
Win32.MyLife.J@mm is also known as N/A.
Explanation :
This is another mass-mailer in the Win32.MyLife
series, that spreads by e-mail (using Microsoft Outlook) to the user's contacts.
It was written in Visual Basic and packed using UPX.
It arrives as an attachment
to an e-mail message in this format:
Subject:
sexyy Screen Saver
Body:
hi
look to the screen saver it's very funny
bye
Attachment:
"USA.scr" (size: ~ 22 KB)
When run, the virus will copy itself as "sh.scr"
and "USA.scr" in the
Windows System folder and register
"USA.scr" to be run every
time the user logs on to Windows (by creating the registry entry described in
the Symptoms section).
The virus will send e-mail
messages to the user's contacts in the Address Book and the MSN Messenger contact
list (in the format described above). It will also send a message to the address
zary2000@email.com (that also
includes the virus body as an attachment) in the following format:
Bcc:
zary2000@email.com
Subject:
funny Screen Saver
Body:
hi all,
look to the 3D screen saver it's very funny
bye
Attachment:
sh.scr
Eventually the virus will display the following picture:
Payload: Under certain
conditions (such as a specific hour of the day or date) the virus will attempt
to delete all folders on drive C:.Last update 21 November 2011
