Antivirus officials are warning users to be on the lookout for the new "Myparty" virus that preys on the popularity of personalized photograph Web pages offered by companies such as Yahoo Inc. and America Online Inc.
Featuring an e-mail subject heading of "new photos from my party!" the virus attempts to trick users into thinking a link inside the e-mail points the reader to a friend's photo Web site, according to antivirus officials at McAfee and Symantec Corp. However, the URL is actually an attachment containing a portable executable .com file that launches itself to every address in a user's Windows address book and addresses found within .DBX files, said Vincent Gullotto, senior director for McAfee AVERT (Anti-Virus Emergency Response Team).
Although the virus at first appeared to only mass mail copies of itself upon execution, further research by McAfee.com Corp. indicates that Myparty also installs a backdoor onto infected systems, leaving them open to attack by those who know how to exploit this vulnerability (McAfee.com Corp. is distinct from McAfee AVERT, though they both share the same parent company, Network Associates Inc.).
Gullotto said McAfee first began investigating submitted samples of Myparty on Sunday night. Despite a lack of heavy propagation, the antivirus vendor chose to label the virus medium risk due to its serious social engineering nature.
The bogus e-mail features the following message:
My party...It was absolutely amazing!
I have attached my web page with new photos!
If you can please make color prints of my photos. Thanks!"
The worm attachment reads www.myparty.yahoo.com and is sized at 29,696 bytes. The virus copies itself to C:\Recycled\regctrl.exe and executes that file, retrieving a user's infected machine's default SMTP server from the registry to launch itself through solicited addresses.
Antivirus vendors said the virus will stop mailing itself out at midnight on Tuesday. A variant of the worm also exists in a slightly different file -- myparty.photos.yahoo.com -- featuring an attachment size of 28,160 bytes.
(Brian Fonseca is an InfoWorld correspondent, an affiliate of IDG News Service.)