Infection Level: High
Payload Threat Level: Medium-High
------------------------------------------------------
OVERVIEW
There is a new worm circulating worldwide in the wild called
"Mylife.b" or "Caric". This is a screen
saver that arrives as an e-mail attachment. Screen saver
(SCR) files are actually executable files, and they can
do anything on your system once aunched. Mylife.b pretends
to be a screensaver of former US President Bill Clinton".
Mylife.b is a variant of the "Mylife" worm, which
was created to bypass traditional anti-virus solutions.
It even tricks users into opening the attachment by adding
a spoofed claim from McAfee Anti-Virus stating that the
attachment is free of viruses...
TECHNICAL OVERVIEW
Aliases: W32.Caric@mm, Win32.MyLife.B, Win32/Cari.Worm
Mylife.b displays the promised Clinton's caricature during
its malicious payload. Mylife.b collects e-mail addresses
from the Outlook Address Book and the MSN Messenger contact
list. Mylife.b sends the following e-mail message to all
collected e-mail addresses:
Subject: "bill caricature"
Body: Hiiiii
How are youuuuuuuu?
look to bill caricature it's vvvery verrrry ffffunny :-)
:-)
i promise you will love it? ok
buy
========No Viruse Found========
MCAFEE.COM
--------------------------------------------------------
Attachment name: cari.scr
Attachment size: 41,984 bytes
If activated between 8am and 9am, it also attempts to delete
files from root directories and with the extensions .SYS,
.VXD, .OCX and .NLS from SYSTEM folder.
PROTECTION
Deploy proactive security solutions to defend against new
and unknown attacks.
©Finjan Software
Back
