The Web    Google
9/7: MyWife-C a Mass-Mailing Worm

9/7: MyWife-C a Mass-Mailing Worm
September 7, 2004

W32/MyWife.c@MM is a mass-mailing worm. It has the following characteristics:

  • On execution, the worm opens the Windows Media Player. The player does play any file
  • Drops various files as listed below
  • Changes registration name of WinZip if it is locally installed on the machine
  • Blocks various AV software from starting by deleting their keys
  • Changes the local telnet service to automatically start

    From examination of the mass-mailing worm, it can be seen that this is intended to be a mass-mailing virus, however under testing AVERT has been unable to reproduce this behavior, possibly due to a flaw in the program.

    Several files are dropped. View them and other information at McAfee page.

    According to Panda Software, Mywife.C is a worm that spreads via e-mail in a message with variable characteristics.

    A few seconds after it is executed, Mywife.C blocks the computer, as it uses all the processor time available.

    Mywife.C deletes the files belonging to several antivirus programs, if they are installed in the same directories as the ones specified in the worm's code. It also deletes the entries in the Windows Registry belonging to these antivirus programs, so these applications will not be run automatically the next time Windows is started.

    In addition, Mywife.C also deletes the entries belonging to other worms, such as Mydoom.A, Mimail.T and several variants of Bagle. Mywife.C attempts to search and end the processes belonging to antivirus and computer security programs. This would leave the affected computer vulnerable to the attack of other malware.

    More information is at this Panda Software page.

  • Exploit for Windows SSL Flaw Circulating
  • 2/22: MyDoom-BF Worm Sends Mass Emails
  • Under the Radar: IM Emerging as a Stealth Threat
  • 4/27: Mytob-CY Worm Arrives as Email Attachment
  • Immunize Your Servers Against Attack
  • Fighting to Keep Smut-Spam in a Brown Wrapper
  • U.S. Bows to Europe as New Spam King
  • 4/4: VBS.Kuullio Worm Sends Emails
  • Startup Unveils Web Server Assessment, Defense Toolkit
  • 1/18: Zar Worm Sends Tsunami Email
  • 11/5: Backdoor.Ranky-L Enables Attacker
  • Security Camera Articles