Fwd: [unisog] MyParty

Christopher E. Cramer chris.cramer at duke.edu
Mon Jan 28 22:05:27 GMT 2002


> On Mon, 28 Jan 2002, Bob Ono wrote:
>
> > Andy,
> > We have not seen this version of the MyParty worm.  Can you provide
> > additional information as to how it is related to the MyParty virus - same
> > attachment names?  Is there any unique characteristic to this new flavor?
> > Thanks.
> > Bob
> >
> >
>
>
>
> Sorry, folks.  False alarm.  I was working from second-hand reports.
>
> I've just come back from some house calls to the actual victims and it
> looks like we have a SirCam outbreak coincident with the debut of MyParty.
> There is only the one "mild" flavor of MyParty out there, the rest is
> SirCam.
>
> Actually, there was a PC that had both SirCam and Magister.B, though the
> Magister infection was incomplete (having been blocked by SirCam).

actually, there is a second version which (according to McAfee) installs a
backdoor on the system.  You can find machines infected with this version
by looking for machines trying to communicate with 209.151.250.170.

reference: http://vil.nai.com/vil/content/v_99332.htm

-Chris



More information about the unisog mailing list