Clinton worm variant makes fun of Sharon

MyLife saga saps Internet security

By John Leyden • Get more from this author

Posted in Anti-Virus, 12th April 2002 15:24 GMT

Free whitepaper – Avoiding 7 common mistakes of IT security compliance

The Internet vandal behind the MyLife virus released four fresh variants this week, bringing the grand total to 10.

The latest variants of the worm, which can delete files on an infected PC, are spreading to a modest extent and finding fresh victims despite their market similarities.

Infection bearing emails, which all pretend to be screensavers, differ only in the words in the message and the infected attachment they harbour. Early variants of MyLife promised a screensaver that poked fun at former US President whereas MyLife-G and MyLife-J, for example, offer a less than flattering caricature of Israeli premier Ariel Sharon.

Variants of the worm, which affect only Windows PCs, spread from infected machines to addresses in a victim's Outlook address book and MSN Messenger contact list.

Andre Post, a senior researcher at Symantec's AntiVirus Research Centre, said that changes between different versions of MyLife, and the payload of the worm, were minor. He expressed surprise that the variants was spreading because the tricks used by the virus to fool people into double clicking on the attachment, and becoming infected, were crude.

Many variants of the virus have been created because the origin virus writer (whose identity remains unknown) is experimenting in worm creation, Post reckons.

Users are advised not to open suspicious attachments and to update their antiviral signatures to block the virus. Antivirus vendors are in the process of updating virus signatures to spot the malicious code and protection is now largely in place. ®