'My Party' E-Mail Virus Hides as URL

Antivirus software vendors are raising the alarm about a mass-mailer computer virus dubbed My Party that tricks victims by masquerading as the URL www.myparty.yahoo.com.

It looks like a harmless URL, but the victim clicking on it will infect his or her machine with the My Party virus, which then mails itself out to the list of addresses in the victim's Microsoft Outlook database. That could potentially cause congestion in corporate e-mail servers, though antivirus vendors say the virus outbreak seems mild so far.

The My Party virus doesn't appear to carry any other dangerous payload, such as one that deletes files, though antivirus tool vendors TruSecure and Symantec have determined that there is a Trojan horse in the virus. The Trojan horse sends e-mail about the spread of the My Party virus to a particular e-mail address, napster@gala.net.

"We also think it allows the virus writer to have access to the machine," said Sharon Ruckman, senior director for Symantec security response.

New Method

"We've known before that you can get infected by a URL link," said Vinnie Gullotto, vice president of AVERT Labs at Network Associates. A virus called Coolside spotted about six months ago also looked like a URL but in fact was a Microsoft executable file attachment.

The My Party mass-mailer worm is "not amazingly innovative," said TruSecure's virus researcher Roger Thompson. "It just looks like a URL."

Antivirus software vendors said that their customers would have to upload the latest virus signature update to protect their computers against My Party. Ian Hameroff, business manager for security solutions at Computer Associates, notes that some customers managed to stop the My Party virus early on by content filtering of file attachments at the gateway level.

What to Watch For

The virus arrives with the subject line "New photos from my party!" The body of the message says "Hello! My party...It was absolutely amazing! I have attached my web page with new photos! If you can please make color prints of my photos! Thanks!"

However, clicking on the URL does not open a Yahoo photo Web page but simply activates the My Party virus, which seeks to mail itself out via the victim's Outlook directory list of addresses.

"This mass-mailer worm will impact the credibility of all URLs, particulary those for photo archives such as Yahoo and Shutterfly," notes Chris Wraight, technical director of Sophos in Boston. The My Party virus is likely to force e-mail users to continually question the authenticity of the URLs they receive, particularly for online photo archives.