9/7: MyWife-C a Mass-Mailing Worm

September 7, 2004

W32/MyWife.c@MM is a mass-mailing worm. It has the following characteristics:

  • On execution, the worm opens the Windows Media Player. The player does not play any file
  • Drops various files as listed below
  • Changes the registration name of WinZip if it is locally installed on the machine
  • Blocks various AV software from starting by deleting their keys
  • Changes the local telnet service to automatically start

    Examination of the worm shows that it is intended to be a mass-mailing virus. However, under testing AVERT has been unable to reproduce this behavior, possibly due to a flaw in the program.

    Several files are dropped. View them and other information at the McAfee page.

    According to Panda Software, Mywife.C is a worm that spreads via e-mail in a message with variable characteristics.

    A few seconds after it is executed, Mywife.C blocks the computer, as it uses all the processor time available.

    Mywife.C deletes the files belonging to several antivirus programs, if they are installed in the same directories as the ones specified in the worm's code. It also deletes the entries in the Windows Registry belonging to these antivirus programs, so these applications will not be run automatically the next time Windows is started.

    In addition, Mywife.C also deletes the entries belonging to other worms, such as Mydoom.A, Mimail.T and several variants of Bagle. Mywife.C attempts to find and end the processes belonging to antivirus and computer security programs. This would leave the affected computer vulnerable to attack by other malware.

    More information is at this Panda Software page.
