xpgeek
31-01-2006, 05:41 PM
Microsoft Security Advisory (904420)
Win32/Mywife.E@mm
Published: January 30, 2006
Microsoft wants to make customers aware of the Mywife mass mailing malware variant named Win32/Mywife.E@mm. The mass mailing malware tries to entice users through social engineering efforts into opening an attached file in an e-mail message. If the recipient opens the file, the malware sends itself to all the contacts that are contained in the system’s address book. The malware may also spread over writeable network shares on systems that have blank administrator passwords.
Customers who are using the most recent and updated antivirus software could be at a reduced risk of infection from the Win32/Mywife.E@mm malware. Customers should verify this with their antivirus vendor. Antivirus vendors have assigned different names to this malware but the Common Malware Enumeration (CME) group has assigned it ID CME-24.
On systems that are infected by Win32/Mywife.E@mm, the malware is intended to permanently corrupt a number of common document format files on the third day of every month. February 3, 2006 is the first time this malware is expected to permanently corrupt the content of specific document format files. The malware also modifies or deletes files and registry keys associated with certain computer security-related applications. This prevents these applications from running when Windows starts. For more information, see the Microsoft Virus Encyclopedia (http://www.microsoft.com/security/encyclopedia/details.aspx?Name=Win32/Mywife.E@mm).
As with all currently known variants of the Mywife malware, this variant does not make use of a security vulnerability, but is dependent on the user opening an infected file attachment. The malware also attempts to scan the network looking for systems it can connect to and infect. It does this in the context of the user. If it fails to connect to one of these systems, it tries again by logging on with "Administrator" as the user name together with a blank password.
Is this a security vulnerability that requires Microsoft to issue a security update?
No. This is not a security vulnerability. This advisory is being issued to provide additional information for users who could be infected by the Mywife malware.
What is the potential damage?
On the third day of every month, beginning Friday February 3, this variant of the malware resets the content of files that have specific file name extensions. It searches for files on the hard disk that have the following file name extensions and replaces their contents with "DATA Error [47 0F 94 93 F4 K5]":
.doc
.xls
.mdb
.mde
.ppt
.pps
.zip
.rar
.pdf
.psd
.dmp
Source and More Information (http://www.microsoft.com/technet/security/advisory/904420.mspx)