
Win32.MyLife.A@mm


First posted on 21 November 2011.
Source: BitDefender

Aliases :

Win32.MyLife.A@mm is also known as W32.MyLife@mm.

Explanation :

This virus is a mass mailer that uses the e-mail client Microsoft Outlook in order to send itself to all the user's contacts in the Address Book. It was written in Visual Basic and the executable is compressed using the UPX executable packer.

It comes attached to an e-mail message in the following format:

Subject: my life ohhhhhhhhhhhhh
Attachment: "My Life.scr" (size: ~ 30 KB)

Body:
Hiiiii
How are youuuuuuuu?
look to the digital picture it's my love
vvvery verrrry ffffunny :-)
my life = my car
my car = my house



The attachment's filename has an extension (".scr") that identifies it as an executable program for Windows (most Windows screen savers have that extension). When the user runs the virus (e.g. by opening the attachment of the message), it will drop a copy of itself in the Windows System folder and use that copy to create attachments to the messages it sends to all the contacts in the user's Address Book:



The dropped copy of the virus will also be registered to run each time Windows is restarted (by the "infected" user), by creating the entry named above in the
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run registry key.

The virus will eventually display this picture:



The virus will not run unless the executable's name is "My Life.scr" (this is due to poor Visual Basic programming); its code contains a section that seems to try to delete .com, .sys, .ini, .exe, .vxd and .dll files from various folders (probably including the Windows and Windows System folders). These extensions usually belong to important system and application files and if these were deleted, Windows (and probably some Windows applications as well) would almost certainly have to be reinstalled. However, this version of the virus doesn't achieve this evil task.
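A mail-filter check for the message format described above, added here as an example and not part of the original write-up. The subject and attachment name come from this page; the wider extension list, the function names and the sample messages are assumptions constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Indicators taken from the description on this page.
SUBJECT = "my life ohhhhhhhhhhhhh"
ATTACHMENT = "my life.scr"
# Assumption: other directly executable extensions worth flagging besides ".scr".
EXECUTABLE_EXTS = (".scr", ".exe", ".com", ".pif")


def inspect_message(raw_bytes):
    """Return a list of findings for one raw e-mail message."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    subject = (msg["Subject"] or "").strip().lower()
    if subject == SUBJECT:
        findings.append("subject matches Win32.MyLife.A@mm")
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue  # body text or multipart container, not an attachment
        lowered = name.strip().lower()
        if lowered == ATTACHMENT:
            findings.append("attachment name matches Win32.MyLife.A@mm")
        elif lowered.endswith(EXECUTABLE_EXTS):
            # Also catches double extensions such as "photo.jpg.scr".
            findings.append("executable attachment: " + name)
    return findings


def build_sample(subject, filename):
    """Build a constructed test message; the payload is harmless placeholder bytes."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "recipient@example.com"
    m["Subject"] = subject
    m.set_content("Hiiiii\nHow are youuuuuuuu?\n")
    m.add_attachment(b"placeholder, not malware", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()


if __name__ == "__main__":
    for subj, fname in [(SUBJECT, "My Life.scr"), ("Holiday photos", "beach.SCR"),
                        ("Report", "q3.pdf")]:
        print(fname, "->", inspect_message(build_sample(subj, fname)))
```
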

Last update 21 November 2011

 
