Anti-virus experts are tracking a new worm that has the ability to delete files from infected machines. The worm, known as MyLife.B, arrives via e-mail and is a variant of the original MyLife virus, which has been in the wild for some time.
The worm arrives in an e-mail with the subject line of “bill caricature” and the following body text:
The message also contains the line, “No Viruse (sic) Found, McAfee.com,” an apparent attempt to make unsuspecting users believe that the message has been scanned and found to be clean.
The worm mails copies of itself to all of the names in the infected computers Microsoft Outlook address book, but also carries a destructive payload. As part of the infection process, MyLife creates a registry run key that activates the worm during each bootup of the machine.
If the machine boots between 8 a.m. and 9 a.m., the worm deletes files from the PCs C, D, E and F drives as well as in the system directory, according to Craig Schmugar, a virus researcher with Network Associates Inc.s AVERT team.
The worms attachment is a screen saver file with name “Cari.scr,” which displays an image of Bill Clinton. Many corporate network administrators block .scr files at the Internet gateway, Schmugar said, which should prevent this variant from spreading widely.
MyLife was first spotted Thursday in several European countries and is classified by McAfee.com as a medium risk.
Related stories:
- Microsoft Warns of JVM Vulnerability
- Anti-virus Makers Pushing Automation