new photos from my party!
Originally Spotted 28/1/02

E-Mail Message Received (please note different mails may differ slightly)

Body Copy:
Hello!
My party... It was absolutely amazing!
I have attached my web page with new photos!
If you can please make color prints of my photos. Thanks!

Attachement:
www.myparty.yahoo.com.

Diagnosis

If the attached file is executed between the 25th January and 29th January 2002 the worm sends a copy of itself to everybody in the Windows Address book using its own built in SMTP engine.

It gets the SMTP server information from the registry key: HKCU\Software\Microsoft\Internet Account Manager\Accounts\00000001

The worm also sends an email to napster@gala.net.

In addition the worm drops a copy of the Trojan Troj/Msstake-A in the user's startup directory. The Trojan is contained in a file named msstask.exe.