[website-critique] Fw: * cybercrime-alerts * Don't Look At 'Party' Pictures

• From: "DesignWorks" <tchapman@xxxxxxxxxxxxx>
• To: <websitecritique@xxxxxxxxxxxxx>,<takeatip-leaveatip@xxxxxxxxxxxxxxx>
• Date: Mon, 28 Jan 2002 18:36:20 -0600

At the same time this came into my "Cybercrime-alerts" folder.. I got an
email telling me to check out the party pics... talk about being right on
top of things eh!!

Anyway.. just wanted ya'll to know to pay attention to this one!

--

Tina Chapman
DesignWorks - Owner/Designer
http://www.dsgnworks.com

E-mail: tchapman@xxxxxxxxxxxxx
Phone: 270.389.3698
Mobile: 270.748.1675
Text Message: 2707481675@xxxxxxxxxxxxx

--

----- Original Message -----
From: "cybercrime-alerts" <majordomo@xxxxxxxxxxx>
To: <cybercrime-alerts@xxxxxxxxxx>
Sent: Monday, January 28, 2002 3:04 PM
Subject: * cybercrime-alerts * Don't Look At 'Party' Pictures


* via http://theMezz.com/lists

* subscribe at http://techPolice.com


Don't Look At 'Party' Pictures
Reuters
12:10 p.m. Jan. 28, 2002 PST


SAN FRANCISCO -- A new computer bug that tries to trick computer users into
clicking on a virus-infected Web link masquerading as party photos emerged
in Asia on Monday and began spreading to Europe and North America, computer
experts said.

The "My Party" worm, which is not considered destructive, spreads by
infiltrating popular e-mail software Microsoft Windows Address Book and
Outlook Express Database.

The worm e-mails itself to every person in an infected users' e-mail log,
making it look as if the worm comes from a colleague or friend, experts
said.

The worm is believed to have originated in Russia because it does not infect
computers using keyboards with Cyrillic or Russian characters and, when it
infects a new machine, it sends an e-mail to a Russian free e-mail account,
according to Mikko Hypponen, manager of antivirus research at Finnish-based
F-Secure.

The worm, which was first spotted in Singapore, will stop spreading on
Wednesday because it was written to spread only between Jan. 25 and Jan. 29,
Hypponen added.

It installs a backdoor that downloads commands from a Web site hosted by a
U.S.-based Internet service provider, but the commands are benign at this
point, he said. Officials are attempting to get the ISP to shut down the
website, he added.

"I'm pretty sure it's a teenager in Russia doing this," Hypponen said.

Even though the worm does no real damage to infected computers, what makes
it dangerous is its ability to dupe users into executing the file, thinking
it will lead to a valid website.

"Most people have no idea that .COM is not just part of Web addresses, but
is also an executable file extension," Hypponen said.

Anti-virus specialist Trend Micro gave the bug a medium risk rating.
Security firms said that, compared with past e-mail worms, such as Nimda and
Sircam, the number of reported "My Party" infections thus far is moderate.

The virus arrives as an e-mail with the subject line "new photos from my
party!" It contains an innocuous looking file attachment called
www.myparty.yahoo.com.

A message in the body of the e-mail reads: "Hello! My party... It was
absolutely amazing! I have attached my Web page with new photos! If you can
please make color prints of my photos. Thanks!"

Graham Cluley, senior technology consultant for Sophos Anti-Virus, said
because it carries what appears to be an authentic link from the popular Web
portal Yahoo, and appears to come from a colleague or friend, the worm has
the potential to spread quickly.

Sophos received reports of infection from corporate clients and academic
institutions in Asia, the Middle East and Europe.

The Web site of UK-based e-mail security service provider MessageLabs
indicated that it had detected nearly 1,000 copies of the worm but that
number dropped to fewer than 100 later in the day.

Sophos has devised a patch and anti-virus software from other companies,
including F-Secure and McAfee.com, also detect the virus.

Copyright © 2001 Reuters Limited.

=====================================================
Don't miss a programming beat!  Sign up now for
developerWorks weekly newsletter - tools, code, and tutorials -
Java, XML, Linux, Open Source, - everything you need.
http://click.topica.com/caaafmtb1dhr0b2BK22f/developerWorks
=====================================================

--via http://techPolice.com
archive: http://theMezz.com/cybercrime/archive
subscribe: cybercrime-alerts-subscribe@xxxxxxxxxx
--via http://theMezz.com

==^================================================================
This email was sent to: tchapman@xxxxxxxxxxxx

EASY UNSUBSCRIBE click here: http://topica.com/u/?b1dhr0.b2BK22
Or send an email to: cybercrime-alerts-unsubscribe@xxxxxxxxxx

T O P I C A -- Register now to manage your mail!
http://www.topica.com/partner/tag02/register
==^================================================================





Free Domain To List Members: http://szaroconsulting.com/freedomain.htm

~~~~~~~~~~~~~~~~~~~~~~
List Info: //www.freelists.org/cgi-bin/webpage?webpage_id=websitecritique 
~~~~~~~~~~~~~~~~~~~~~~

Other related posts:

• » [website-critique] Fw: * cybercrime-alerts * Don't Look At 'Party' Pictures

1. Home
2. websitecritique
3. Archive
4. 01-2002

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---