Zero day protection against MyWife.d

NEW DELHI: McAfee, Inc. the leader in Intrusion Prevention and Security Risk Management, has announced that it has provided proactive zero-day protection for the W32/MyWife.d@MM!M24 worm, also known as MyWife.d bearing the CME ID of CME-24 (M24 in the abbreviated form), since December 2, 2005, six weeks prior to the discovery of the threat.

MyWife.d, which has the alias Blackworm, Blackmal, Nyxem, and Kama Sutra, was profiled Low risk by McAfee AVERT Labs, the world-class research division of McAfee, Inc., on January 17, 2006. Customers have been provided detection since the 4642 DAT files.

MyWife.d is a mass mailing virus that contains its own SMTP engine to construct outgoing messages, has the ability to spread through open network shares, attempts to lower security settings, disables security software, and overwrites files. The threat activates the third of every month, starting February 3. The worm harvests addresses from local files and then uses the harvested addresses to send itself, producing a message with a spoofed "From" address.

"McAfee AVERT Labs maintains its Low threat rating on the MyWife virus and predicts that the data destructive payload will have minimal impact on computer users when it hits on February 3rd," said Craig Schmugar, virus research manager, McAfee AVERT Labs. "While this threat is a throwback to more destructive worms of past years, and does not mimic the subtleties of many current viruses that are designed to generate income, the number of actual detections and possible infections remains very low."

With McAfee's Security Risk Management approach, customers can effectively address business priorities and security realities. McAfee's award-winning solutions identify and block known and unknown attacks before they can cause damage.

McAfee VirusScan Enterprise 8.0i and McAfee Managed VirusScan plus AntiSpyware provide generic zero-day protection against MyWife.d with the 4642 DATs, and specific variant detection in the 4677 DATs and later.

McAfee IntruShield provides protection in signature sets 1.8.68, 1.9.51, 2.1.34 and 3.1.7. McAfee IntruShield sensors deployed in in-line mode can be configured with a response action to drop such packets for preventing these attacks.

More information on MyWife.d and the cure for this worm can be found online at vil.mcafee.com. McAfee customers have been proactively protected since the 4642 DAT files released on December 2, 2005 which detected this as W32/Generic.worm!p2p.

For customers running at least this DAT file, no action is required. Specific named detection as W32/MyWife.d@MM has already been added since the 4677 DAT release of January 18. McAfee AVERT Labs recommends all customers insure they are running the latest DAT release and schedule full system scans to insure an infection-free environment.