HTML Microdata document

This HTML5 document contains 14 embedded RDF statements represented using HTML+Microdata notation.

The embedded RDF content will be recognized by any processor of HTML5 Microdata.

Prefix	Namespace IRI
n14	http://dbkwik.webdatacommons.org/resource/JZK7RwE-9uTp7P-hk7qJrA==
n5	http://dbkwik.webdatacommons.org/ontology/
n10	http://dbkwik.webdatacommons.org/resource/TVwvNU4-d_LvWw2YrCFDZg==
dcterms	http://purl.org/dc/terms/
n16	http://dbkwik.webdatacommons.org/resource/YCXPH3z2dbCiF8bueebk3g==
n11	http://dbkwik.webdatacommons.org/resource/38Z-VWlhMD0AfpEVkg9Bmg==
n4	http://dbkwik.webdatacommons.org/resource/JMKh8XlNVdjDPZcBsM-Jjw==
n12	http://dbkwik.webdatacommons.org/resource/HovNODxkCDeUNKY2k5WKBg==
n7	http://dbkwik.webdatacommons.org/resource/YKgLOQg-jjW-_izFLEkC4Q==
rdfs	http://www.w3.org/2000/01/rdf-schema#
n6	http://dbkwik.webdatacommons.org/malware/property/
n13	http://dbkwik.webdatacommons.org/resource/vZuYs0gOwLNNpaXrpc1tTg==
rdf	http://www.w3.org/1999/02/22-rdf-syntax-ns#
n9	http://dbkwik.webdatacommons.org/resource/h0MO9e-m2iwxFFjOGluuIA==
n17	http://dbkwik.webdatacommons.org/resource/F_j8ASzeeVYnurM3HJQXEA==
xsdh	http://www.w3.org/2001/XMLSchema#
n15	http://dbkwik.webdatacommons.org/resource/6hHN-muilW-lUmjLB6nWpA==
n2	http://dbkwik.webdatacommons.org/resource/e0YhYj0bqtWDgGAqLnFSBA==

Subject Item: n2:
rdfs:label: Myparty
rdfs:comment: This is a virus-worm that spreads via the Internet attached to infected e-mail. The worm itself is a Windows PE EXE file about 30Kb in length (compressed by UPX, 76K decompressed), and it is written in Microsoft Visual C++. Infected messages appear as follows: The worm activates from infected e-mail only when a user double-clicks on the attached file. The worm then installs itself to the system and runs a spreading routine. While installing, the worm copies itself to: c:egctrl.exe - under Win9x/MEc:ecycledegctrl.exe - under WinNT/2K/XP
dcterms:subject: n4: n9: n10: n11: n13: n15: n16: n17:
n6:wikiPageUsesTemplate: n7: n12: n14:
n5:abstract: This is a virus-worm that spreads via the Internet attached to infected e-mail. The worm itself is a Windows PE EXE file about 30Kb in length (compressed by UPX, 76K decompressed), and it is written in Microsoft Visual C++. Infected messages appear as follows: The worm activates from infected e-mail only when a user double-clicks on the attached file. The worm then installs itself to the system and runs a spreading routine. While installing, the worm copies itself to: c:egctrl.exe - under Win9x/MEc:ecycledegctrl.exe - under WinNT/2K/XP and spawns this copy. When the worm's file name is not ".com" (as in the attachment), but rather ".exe" (the worm is re-named), it also opens the Web page "". The original file (as it was run from an infected e-mail) is moved to the Recylced or Recycler directory with one of the following names: C:\RECYCLER\F-%1-%2-%3C:\RECYCLED\F-%1-%2-%3where %1, %2, %3 are randomly selected numbers, for example: F-12158-19044-21300F-27729-23255-31008While installing, the worm checks the keyboard layouot set, and when there is Russian keyboard support, the worm copies itself to Recycled/Recycler in the same way and exits. This is the same on any date except for 25–29 January 2002. As a result, the worm works only from 25 until 29 January 2002, and only on machines without Russian keyboard support. To send infected messages, the worm uses a direct SMTP connection to an e-mail server. To obtain a victim's e-mail addresses, the worm scans WAB files (Windows Address Book) and *.DBX files (Outlook Express). The worm also sends one e-mail (without an attachment) to "napster@gala.net". Under WinNT/2000/... the worm also creates a new file in a user's auto-run directory: %Userprofile%\Start Menu\Programs\Startup\msstask.exeand writes a backdoor program to there. This backdoor is run by data that are stored in a file at the Web site "". This one is a slightly modified 'a' version. The differences are: The attached file name is "myparty.photos.yahoo.com".