Computing News
M A R C H 2 0 0 2

Computing News

Computing News
Back Issues

Computer Security

Computing Infrastructure Support (CIS)

CIS Services

Computing Standards

Software Downloads

CIS Computer
Help Desk

CIS Help
Request Form

Unix Services
ISS
IMAP4
Calendaring


   
Monthly Virus Update: MyLife, Impo and Gibe Worms and a Hoax Target Windows Systems
 
The LBNL virus wall continues to find and eradicate many hundreds of viruses and worms in email messages. Last month the most frequently found virus was PE-Magistr (versions A and B), followed closely by the Sircam worm, then the Badtrans worm, Klez worm, and Nimda worm. Several new Windows virus and worms, including Gibe, Mylife and Impo have surfaced within the last few weeks.

Gibe
Windows systems users -- there is a new worm (W32.Gibe@mm) coupled with a new hoax going around the Internet. A message allegedly from Microsoft urges users to install what is described as a patch for a serious vulnerability. The attachment is not a patch, but is instead a worm that installs a deadly Trojan horse program. If you download the attachment, you will not only infect your system, but will also allow remote attackers to take control of your system.

"Don't fall prey to this latest Internet hoax," warns Gene Schultz of the Lab's Computer Protection Program. "Please note that Microsoft never distributes patches via email, but instead makes them available at http://www.microsoft.com/technet/security."

Additionally, remember that the LBNL VirusWall will find and delete the malicious attachment, but not every LBNL computer is protected by the VirusWall, nor, chances are, is your home computer. For additional information about this new threat, click here.

MyLife
W32.MyLife@mm is a mail-based worm that, if executed, sends itself to all addresses in the Microsoft Outlook address book in every system it infects. It tries to delete files with the following types of extensions: .exe, .com, .sys, .ini, .dll, .vxd and modifies Registry entries the victim system. It generally arrives in a message that has the following subject: my life ohhhhhhhhhhhh. The message typically reads:

Hiiiii
How are youuuuuuuu? look to the digital picture it's my love
vvvery verrrry ffffunny :-)
my life = my car
my car = my house

The attachment is usually named My Life.scr. All you need to do to infect your system is to open the attachment. If your system becomes infected, it is best to dial HELP, because eradication is complicated.
Click here for more information.

Impo
Impo is also a mail-based worm that sends itself to all addresses in the Windows Address Book. Unlike MyLife, however, Impo does not damage the systems that it infects. Impo arrives as an email message containing an attachment that is generally named patch.exe. For addresses that end in .jp, Impo randomly chooses one of 17 Japanese language subjects. Otherwise, the subject is almost always "important." Cleaning up Impo requires updating Norton Anti-Virus on the infected system, then running a full system scan, although it is best to call the Help Desk at X4357
(H-E-L-P) to make sure that everything is done correctly.

The best defenses against MyLife, Impo, and other viruses and worms are to: 1) keep your system's Norton Anti-Virus software updated (no less than once a week), and 2) avoid downloading attachments from unfamiliar sources. If your Windows system does not run Norton Anti-Virus or if you are not sure how to update this software, call Gene Schultz at X2640.
Top | Return to Computing News