Sophos says: Myparty worm gatecrashes computers

January 29, 2002 Sophos Press Release

Sophos, a world leader in corporate anti-virus protection, is warning computer users against the new MyParty email worm (W32/MyParty-A) which is spreading in the wild.

The worm, which may appear to have come from a colleague or friend, arrives as an email with the subject line 'new photos from my party!'. The message reads: 'Hello! My party...It was absolutely amazing! I have attached my web page with new photos! If you can please make color prints of my photos. Thanks!'.

The email contains an attachment called "www.myparty.yahoo.com". You may think this is a link to a website, but it is actually a program file. Clicking on the attachment launches the program, which sends a copy of itself to every contact in the Windows Address book. It also tries to release a backdoor program onto your PC to allow others to access your computer remotely.

"Computer users are definitely getting wiser," said Paul Ducklin, Head of Global Support at Sophos Anti-Virus in Sydney. "The first reports we received of this worm were from people who didn't launch the attachment, but instead sent it in for analysis as obviously suspicious. It looks like Sophos's message of practising Safe Hex is getting through."

Protection against this worm (W32/MyParty-A) and the backdoor it releases (Troj/Msstake-A) is available from the Sophos Anti-Virus website.

For further information about Safe Hex please read Sophos's safe computing guidelines.