[Dshield] Microsoft MyWife Advisory

Jon R. Kibler Jon.Kibler at aset.com
Tue Jan 31 21:43:52 GMT 2006

TheGesus wrote:
> On 1/31/06, vtncus <forum at dshield.org> wrote:
> Because McAfee named it that on the 17th, before the "Blackworm" hype
> from the security community started.

I have not had time to check to see if the malware is related, but there was a virus or worm
that ClamAV called 'MyWife' 2 or 3 years ago... it was spread by email as a gif with (I think)
self-extracting zip file. The malware got its name because the subject line of the email was
'My Wife'.

I remember this one all too well because I was teaching a security course and had turned the
class loose on a library of quarantined emails that had all identifying information about the
malware contained therein deleted. The objective of the exercise was to identify the malware
contained in the email.

One of the students asked for some help on one of the samples. They could not get the alleged
'gif' file to properly extract (I suspect that they had somehow messed up the base64 to gif
conversion), so I tried the extraction, did a verify that the file was a valid gif, then loaded
the file into Mozilla to see what was the gif attachment. It turned out to be an explicit porn
pic of a couple having sex. At that point, I told the student that the attachment in question
was indeed a gif file and they really did not need to open the file. At that point the class
looked up from their work and started snickering, and the student who asked for help informed
me that he did not need to examine the gif because the whole class could clearly see it was a
valid gif.

I had forgotten the video projector was still on. Oops!

Jon Kibler
Jon R. Kibler
Chief Technical Officer
Advanced Systems Engineering Technology, Inc.
Charleston, SC  USA
(843) 849-8214

Filtered by: TRUSTEM.COM's Email Filtering Service
No Spam. No Viruses. Just Good Clean Email.

More information about the list mailing list