About: Myparty   Sponge Permalink

An Entity of Type : owl:Thing, within Data Space : 134.155.108.49:8890 associated with source dataset(s)

This is a virus-worm that spreads via the Internet attached to infected e-mail. The worm itself is a Windows PE EXE file about 30Kb in length (compressed by UPX, 76K decompressed), and it is written in Microsoft Visual C++. Infected messages appear as follows: The worm activates from infected e-mail only when a user double-clicks on the attached file. The worm then installs itself to the system and runs a spreading routine. While installing, the worm copies itself to: c:egctrl.exe - under Win9x/MEc:ecycledegctrl.exe - under WinNT/2K/XP

AttributesValues
rdfs:label
  • Myparty
rdfs:comment
  • This is a virus-worm that spreads via the Internet attached to infected e-mail. The worm itself is a Windows PE EXE file about 30Kb in length (compressed by UPX, 76K decompressed), and it is written in Microsoft Visual C++. Infected messages appear as follows: The worm activates from infected e-mail only when a user double-clicks on the attached file. The worm then installs itself to the system and runs a spreading routine. While installing, the worm copies itself to: c:egctrl.exe - under Win9x/MEc:ecycledegctrl.exe - under WinNT/2K/XP
dcterms:subject
dbkwik:malware/pro...iPageUsesTemplate
abstract
  • This is a virus-worm that spreads via the Internet attached to infected e-mail. The worm itself is a Windows PE EXE file about 30Kb in length (compressed by UPX, 76K decompressed), and it is written in Microsoft Visual C++. Infected messages appear as follows: The worm activates from infected e-mail only when a user double-clicks on the attached file. The worm then installs itself to the system and runs a spreading routine. While installing, the worm copies itself to: c:egctrl.exe - under Win9x/MEc:ecycledegctrl.exe - under WinNT/2K/XP and spawns this copy. When the worm's file name is not ".com" (as in the attachment), but rather ".exe" (the worm is re-named), it also opens the Web page "". The original file (as it was run from an infected e-mail) is moved to the Recylced or Recycler directory with one of the following names: C:\RECYCLER\F-%1-%2-%3C:\RECYCLED\F-%1-%2-%3where %1, %2, %3 are randomly selected numbers, for example: F-12158-19044-21300F-27729-23255-31008While installing, the worm checks the keyboard layouot set, and when there is Russian keyboard support, the worm copies itself to Recycled/Recycler in the same way and exits. This is the same on any date except for 25–29 January 2002. As a result, the worm works only from 25 until 29 January 2002, and only on machines without Russian keyboard support. To send infected messages, the worm uses a direct SMTP connection to an e-mail server. To obtain a victim's e-mail addresses, the worm scans WAB files (Windows Address Book) and *.DBX files (Outlook Express). The worm also sends one e-mail (without an attachment) to "napster@gala.net". Under WinNT/2000/... the worm also creates a new file in a user's auto-run directory: %Userprofile%\Start Menu\Programs\Startup\msstask.exeand writes a backdoor program to there. This backdoor is run by data that are stored in a file at the Web site "". This one is a slightly modified 'a' version. The differences are: The attached file name is "myparty.photos.yahoo.com".
Alternative Linked Data Views: ODE     Raw Data in: CXML | CSV | RDF ( N-Triples N3/Turtle JSON XML ) | OData ( Atom JSON ) | Microdata ( JSON HTML) | JSON-LD    About   
This material is Open Knowledge   W3C Semantic Web Technology [RDF Data] Valid XHTML + RDFa
OpenLink Virtuoso version 07.20.3217, on Linux (x86_64-pc-linux-gnu), Standard Edition
Data on this page belongs to its respective rights holders.
Virtuoso Faceted Browser Copyright © 2009-2012 OpenLink Software