Home / malware Win32.MyLife.B@mm
First posted on 21 November 2011.
Source: BitDefenderAliases :
Win32.MyLife.B@mm is also known as W32/Caric.A@mm.
Explanation :
This new version of Win32.MyLife.A@mm is also a mass mailer for Microsoft Outlook, written in Visual Basic and packed using UPX.
It arrives as an attachment to an e-mail message in this format:
Subject: bill caricature
Attachement: "cari.scr" (size: ~ 12 KB)
Body:
Hiiiii
How are youuuuuuuu?
look to bill caricature it's vvvery verrrry ffffunny :-) :-)
i promise you will love it? ok
buy
========No Viruse Found========
MCAFEE.COM
--------------------------------------------------------
The attachment's filename has an executable extension (".scr") that is typical to Windows screen?savers. When the user runs the virus, it drops a copy of itself in the Windows System folder and sends e?mail messages in the format described above to all the user's contacts in the Address Book.
The dropped copy of the virus will also be registered to run each time Windows is restarted (by that user), by creating the "win" entry in the HKCUSoftwareMicrosoftWindowsCurrentVersionRun registry key.
The virus will eventually display this picture:
Its code contains a section that tries to delete the following files/folders: c:*.*, *.sys, *.vxd, *.ocx, *.nls, d:*.*, e:*.*, f:*.*, but fails.Last update 21 November 2011
