
Win32.MyLife.G@mm


First posted on 21 November 2011.
Source: BitDefender

Aliases :

Win32.MyLife.G@mm is also known as N/A.

Explanation :

This is another mass-mailer in the Win32.MyLife series that spreads by e-mail to the user's contacts. It was written in Visual Basic and packed using UPX.

It arrives as an attachment to an e-mail message in this format:

Subject: ox <--> sharon
Body:
Hi All,
look to the ox caricature it's very sad
ox <===> sharon
it's funny :-)
bye

Attachments are automatically scanned for viruses using MCAFEE.COM
========No Viruses Found========

Attachment:
"ox&Wife.scr" (size: ~ 13 KB)



When the user opens the attachment, the virus sends an e-mail message (with the virus body attached as described above) to all the user's contacts in the Address Book and the MSN Messenger contact list. It also drops a copy in the Windows System folder and registers it to be run each time the user logs on to Windows; eventually it displays the following picture:



The next time the virus is run, it will attempt to:
- overwrite the contents of files (that have the extension .jpeg, .rm, .ram, .mp3, .mp2, .doc, .xls, .ppt, .htm, .html, .wav, .php, .gif, .frm, .zip, .rar, .mpg, .mpeg, .asm, .txt, .pdf, .pps, .mdb, .rtf, .vbs, .js, .dbx or .avi) on mapped network drives with the text "my lIfE";
- delete all the data on hard-drive partitions (D:, E:, F:, G:, H:, I: and C:).

The following message box is displayed after the payload is activated:



The "message" of the virus and some texts within its body might indicate a possible connection to the author(s) of the Zacker (Win32.Zacker.A@mm, VBS.Zacker.C@mm, Win32.Zacker.D@mm, Win32.Zacker.F@mm) and Rezak (Win32.Rezak.A@mm) viruses.
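The e-mail indicators described above (subject line, fake "scanned by MCAFEE.COM" banner, and the `.scr` attachment) can be checked at a mail gateway. The following is an added example, not part of the original write-up; the sample message is constructed with placeholder bytes, the addresses are made up, and the list of executable extensions is an assumption.

```python
import email
from email import policy
from email.message import EmailMessage

# Indicators taken from the description above (compared case-insensitively).
SUBJECT = "ox <--> sharon"
FAKE_SCAN_BANNER = "no viruses found"
ATTACHMENT_NAME = "ox&wife.scr"
# Assumption: extensions a gateway treats as directly executable on Windows.
EXECUTABLE_EXTS = (".scr", ".exe", ".pif", ".com", ".bat")


def score_message(raw: bytes) -> list:
    """Return the indicators matched by one raw RFC 5322 message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    hits = []
    if (msg["Subject"] or "").strip().lower() == SUBJECT:
        hits.append("subject")
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content().lower() if body else ""
    # A "clean scan" claim inside the body itself is a social-engineering tell.
    if FAKE_SCAN_BANNER in text and "mcafee.com" in text:
        hits.append("fake-scan-banner")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name == ATTACHMENT_NAME:
            hits.append("attachment-name")
        if name.endswith(EXECUTABLE_EXTS):
            hits.append("executable-attachment")
    return hits


def build_sample() -> bytes:
    """Constructed sample: placeholder bytes stand in for the real attachment."""
    m = EmailMessage()
    m["From"] = "friend@example.com"
    m["To"] = "user@example.com"
    m["Subject"] = "ox <--> sharon"
    m.set_content(
        "Hi All,\nlook to the ox caricature it's very sad\n\n"
        "Attachments are automatically scanned for viruses using MCAFEE.COM\n"
        "========No Viruses Found========\n"
    )
    m.add_attachment(b"placeholder", maintype="application",
                     subtype="octet-stream", filename="ox&Wife.scr")
    return m.as_bytes()


if __name__ == "__main__":
    print(score_message(build_sample()))
```

The `executable-attachment` check is the most durable of the four, since it still matches if the subject or file name is changed.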

Last update 21 November 2011

 
