MyWife Malware

On January 30, 2006, in Security, by

 This alert is to notify you of the release of Microsoft Security
Advisory (904420).

Microsoft wants to make customers aware of the Mywife mass mailing
malware variant named Win32/Mywife.E@mm. The mass mailing malware tries
to entice users through social engineering efforts into opening an
attached file in an e-mail message. If the recipient opens the file, the
malware sends itself to all the contacts that are contained in the
system’s address book. The malware may also spread over writeable
network shares on systems that have blank administrator passwords.
Customers who are using the most recent and updated antivirus software
could be at a reduced risk of infection from the Win32/Mywife.E@mm
malware. Customers should verify this with their antivirus vendor.
Antivirus vendors have assigned different names to this malware but the
Common Malware Enumeration (CME) group has assigned it ID CME-24.

On systems that are infected by
Win32/Mywife@E.mm, the malware is
intended to permanently corrupt a number of common document format files
on the third day of every month. February 3, 2006 is the first time this
malware is expected to permanently corrupt the content of specific
document format files.  The malware also modifies or deletes files and
registry keys associated with certain computer security-related
applications. This prevents these applications from running when Windows
starts. For more information, see the Microsoft Virus Encyclopedia
(
http://www.microsoft.com/security/encyclopedia/details.aspx?Name=Win32/Mywife.E@mm).

As with all currently known variants of the Mywife malware, this variant
does not make use of a security vulnerability, but is dependant on the
user opening an infected file attachment. The malware also attempts to
scan the network looking for systems it can connect to and infect   It
does this in the context of the user. If it fails to connect to one of
these systems, it tries again by logging on with “Administrator” as the
user name together with a blank password.
Customers who believe that they are infected with the Mywife malware, or
who are not sure whether they are infected, should contact their
antivirus vendor.  Alternatively, Windows Live Safety Center Beta Web
site (
http://safety.live.com) provides the ability to choose “Protection
Scan” to ensure that systems are free of infection. Additionally, the
Windows OneCare Live Beta (
http://www.windowsonecare.com), which is
available for English language systems, provides detection for and
protection against the Mywife malware and its known variants.

For more information about the Mywife malware, to help determine whether
you have been infected by the malware, and for instructions on how to
repair your system if you have been infected, see the Microsoft Virus
Encyclopedia
(
http://www.microsoft.com/security/encyclopedia/details.aspx?Name=Win32/Mywife.E@mm).


For Microsoft Virus Encyclopedia references, see the
“Overview” section. We continue to encourage customers to use caution
with unknown file attachments and to follow our Protect Your PC guidance
of enabling a firewall, getting software updates, and installing
antivirus software. Customers can learn more about these steps by
visiting the Protect Your PC Web site
(
http://www.microsoft.com/athome/security/protect/windowsxpsp2/Default.mspx).   
Suggested Actions:

*    Use up-to-date antivirus software
Most antivirus software can detect and prevent infection by known
malicious software. You should always run antivirus software on your
computer that is updated with the latest signature files to
automatically help protect you from infection. If you don’t have
antivirus software installed, you can get it from one of several
companies. For more information, see
http://www.microsoft.com/athome/security/downloads/default.mspx

*    Use caution with unknown attachments
Use caution before opening unknown e-mail or IM attachments, even if you
know the sender. If you cannot confirm with the sender that a message is
valid and that an attachment is safe, delete the message immediately,
and run up-to-date antivirus software to check your computer for
viruses.

*    Use strong passwords
Strong passwords on all privileged user accounts, including the
Administrator account, will help block this malware’s attempt to spread
through network shares. 
*    Remove unneeded network shares
Malware can often spread over network shares. Remove unneeded network
shares that are mapped to your computer. To remove network shares in Windows XP
o    On the Start menu, click My Computer.
o    On the Tools menu, click Disconnect Network Drives…
o    In the Disconnect Network Drives dialog box, click the drives to
disconnect and click OK.

*    Protect Your PC
We continue to encourage customers follow our Protect Your PC guidance
of enabling a firewall, getting software updates and installing
ant-virus software. Customers can learn more about these steps by
visiting Protect Your PC Web site (
http://www.microsoft.com/protect).
For more information about staying safe on the Internet, customers can
visit the Microsoft Security Home Page
(
http://www.microsoft.com/security).

More information can be found:
http://www.microsoft.com/technet/security/advisory/904420.mspx
Microsoft Security Advisories are located at this location:
http://www.microsoft.com/technet/security/advisory/default.mspx

If you have any questions regarding this alert please contact your
Technical Account Manager or Application Development Consultant.

Thank you,
Microsoft PSS Security Team

 

Comments are closed.