Microsoft wants to make customers aware of the Mywife mass mailing malware variant named Win32/Mywife.E@mm. The mass mailing malware tries to entice users through social engineering efforts into opening an attached file in an e-mail message. If the recipient opens the file, the malware sends itself to all the contacts that are contained in the system’s address book. The malware may also spread over writeable network shares on systems that have blank administrator passwords.
Customers who are using the most recent and updated antivirus software could be at a reduced risk of infection from the Win32/Mywife.E@mm malware. Customers should verify this with their antivirus vendor. Antivirus vendors have assigned different names to this malware but the Common Malware Enumeration (CME) group has assigned it ID CME-24.
On systems that are infected by Win32/Mywife@E.mm, the malware is intended to permanently corrupt a number of common document format files on the third day of every month. February 3, 2006 is the first time this malware is expected to permanently corrupt the content of specific document format files. The malware also modifies or deletes files and registry keys associated with certain computer security-related applications. This prevents these applications from running when Windows starts. For more information, see the Microsoft Virus Encyclopedia.
As with all currently known variants of the Mywife malware, this variant does not make use of a security vulnerability, but is dependant on the user opening an infected file attachment. The malware also attempts to scan the network looking for systems it can connect to and infect It does this in the context of the user. If it fails to connect to one of these systems, it tries again by logging on with “Administrator” as the user name together with a blank password.
Microsoft Security Advisory (904420): Win32/Mywife.E@mm (aka Blackworm)
For even more comprehensive information on this virus go here: http://www.isc.sans.org/blackworm
Microsoft Security Advisory (904420)
Read the rest of this advisory here: Microsoft Security Advisory (904420): Win32/Mywife.E@mm.