It's been doing the rounds since the weekend and people are still sending out emails to their friends about it — but this party isn't one you want to go to.
Antivirus firms are warning of a relatively low-risk mass-mailing worm called [email protected] that arrives in email with the subject line "new photos from my party".
The body reads, "Hello! My party... It was absolutely amazing! I have attached my web page with new photos! If you can please make color prints of my photos. Thanks!" and includes an attachment disguised as a harmless-looking hyperlink, 'www.myparty.yahoo.com'.
When victims click on the link, the worm copies itself to all the names contained in the victim's Windows address book. The worm also leaves a Trojan horse program that could leave computers open to other security breaches in the future, said Sharon Ruckman, a director at Symantec's security response center.
After mailing itself to all names in a victim's address book, the worm then sends a message to [email protected] in an apparent attempt keep track of its spread, Ruckman said.
But apart from disguising itself as a URL and being capable of tracking its spread, there is nothing particularly innovative or dangerous about the Myparty worm, said Chris Wraight, a director at Sophos Anti-Virus.
Companies can easily block the threat by filtering out all e-mails with the subject line "new photos from my party," Ruckman said. They can also do the same using the attachment name, she added.
In addition, corporations might want to add a firewall rule blocking access to 18.104.22.168, an apparently malicious website to which the Trojan program tries to gain access, Ruckman said.