Overall Risk Rating: Medium
Damage Potential: High
Distribution Potential: High
Trend Micro customers should download Trend Micro Control Manager(tm) Outbreak Prevention Policy #37, and pattern file 583. Non Trend Micro customers should scan their IT systems with Trend Micro's free online scanner, Housecall, which can be found at http://housecall.trendmicro.com/
This mass-mailing worm uses Microsoft Outlook to send itself to all contacts found in the Outlook address book.
The email message has the following details:
Subject: Old Shakira
Message Body:
Hi
i saw this good ASS,, i sleep 3 hours ;-) check Shakira ass soory Shakira movi :)
========No virus detected========
MCAFEE.COM
Attachment: Shakira_1997_part_1_.Mpeg_.scr
Subject: Fw: Julia Roberts
Message Body:
Hi
How are you?
Lexy and Mystique, a couple of 18 yr old bi gothic chicks, came over and had some fun in our shower. This scene looks even better on video, check em out at gotgiclex.com
========No virus detected========
MCAFEE.COM
Attachment: Julia_Roberts_*******_toilet.Mpeg_.scr
This malware is UPX-compressed and is developed in Visual Basic. It also requires the library file MSVBVM60.DLL in order to execute.
Language: English
Platform: Windows 95., 98, NT, ME, 2000, XP
Encrypted: No
Size of virus: 8,192 Bytes (compressed); 20,480 Bytes (uncompressed)
Details:
Installation
Upon execution, this mass-mailer attempts to drop a copy of itself as the following files in the Windows system directory:
Shakira_1997_part_1_.Mpeg_.scr
Julia_Roberts_*******_toilet.Mpeg_.scr
Autostart Technique
It then creates the following registry entry so that its dropped copy will be executed at every system startup:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\
CurrentVersion\Run
Win32 = %System%\Shakira_1997_part_1_.Mpeg_.scr
(Note: %System% is the Windows system directory, which is usually C:\Windows\System or C:\WINNT\System32.)
Additionally, it drops a 0-Byte file, MyLife.mpg, then prompts the user whether to open or save it.
Mass-Mailing Routine
This worm uses Microsoft Outlook to send itself as attachment to all the contacts found in the Outlook address book.
The email message has the following details:
Subject: Old Shakira
Message Body:
Hi
i saw this good ASS,, i sleep 3 hours ;-) check Shakira ass soory Shakira movi :)
========No virus detected========
MCAFEE.COM Attachment: Shakira_1997_part_1_.Mpeg_.scr
Subject: Fw: Julia Roberts
Message Body:
Hi
How are you?
Lexy and Mystique, a couple of 18 yr old bi gothic chicks, came over and had some fun in our shower. This scene looks even better on video, check em out at gotgiclex.com
========No virus detected========
MCAFEE.COM Attachment: Julia_Roberts_*******_toilet.Mpeg_.scr
Other Details
Based on the code, this malware also attempts to delete all files in the root directory of drives D, E and F. However, due to some programming errors, it fails to execute the said destructive routine.
This malware is UPX-compressed and is developed in Visual Basic. It requires the library file MSVBVM60.DLL in order to execute.
For more information, please visit:
www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MYLIFE.M
Or contact:
Anna Wright,
Trend Micro Europe,
+44 (0)1628 400 534
Anna_wright@trendmicro.co.uk
Lammers van Toorenburg Benelux PR
Francine Loos / Annegees van Linge
Tel: +31 (0)30 6565 070
E-mail: trendmicro@lvtpr.nl