Mytob mass-mailing worm spreading rapidly
March 29, 2005
With 8 new variants surfacing in the last week and over a dozen more reported since the beginning of the month, the Mytob worm virus appears to be spreading very quickly. Today, security software maker Symantec reported two more versions of the worm, labeled as W32.Mytob.R and W32.Mytob.S.
On Monday, security software maker Symantec reported two new versions of the virus, labeled as W32.Mytob.R and W32.Mytob.S. Both worms achieved a low or moderate threat rating from Symantec, as have earlier variants of Mytob, but the company is still recommending that people update their security software immediately to protect against the emerging threat.
Like other iterations of Mytob, the two latest versions are distributed via mass e-mail campaigns, feature so-called backdoor capabilities, and attack computers running Microsoft's Windows operating system. The worm uses its own SMTP (Simple Mail Transfer Protocol) engine to forward itself to e-mail addresses that it gathers from infected computers. The threat also spreads by exploiting the Local Security Authority Service Remote Buffer Overflow in Windows, an opening that Microsoft has already addressed in its periodic security updates.
The latest versions of Mytob also attempt to block infected computers from accessing the security update Web sites of companies such as Symantec, McAfee and Microsoft, by adding text to a compromised PC's Hosts file.
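A defender can check for this kind of tampering by scanning the Hosts file for security-vendor hostnames pinned to a loopback or unspecified address. The Python below is an added example, not code from the article or from Symantec; the watched domain list, the sample file contents and the assumption that blocking entries point to 127.0.0.1 or 0.0.0.0 are illustrative, since the article names only the companies affected.

```python
import ipaddress

# Assumption: domains to watch. The article names the companies
# (Symantec, McAfee, Microsoft) but not the hostnames the worm writes.
WATCHED_SUFFIXES = ("symantec.com", "mcafee.com", "microsoft.com")

# Constructed sample, not taken from a real infected machine.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
127.0.0.1 www.symantec.com securityresponse.symantec.com
127.0.0.1\tUPDATE.MICROSOFT.COM   # trailing comment
0.0.0.0 download.mcafee.com
10.1.2.3 intranet.example.local
not-an-ip www.symantec.com
"""

def parse_hosts(text):
    """Yield (line_no, address, hostname) for every well-formed mapping."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # skip lines that do not start with an IP address
        for name in fields[1:]:  # one line may map several names
            yield line_no, addr, name.lower().rstrip(".")

def is_watched(hostname):
    """True for a watched domain or any subdomain of it (label-aligned)."""
    return any(hostname == s or hostname.endswith("." + s)
               for s in WATCHED_SUFFIXES)

def find_blocked_vendor_hosts(text):
    """Return watched hostnames pinned to loopback or unspecified addresses."""
    hits = []
    for line_no, addr, name in parse_hosts(text):
        if is_watched(name) and (addr.is_loopback or addr.is_unspecified):
            hits.append((line_no, str(addr), name))
    return hits

if __name__ == "__main__":
    for line_no, addr, name in find_blocked_vendor_hosts(SAMPLE_HOSTS):
        print(f"line {line_no}: {name} -> {addr}")
```

On Windows the file to pass in is normally `%SystemRoot%\System32\drivers\etc\hosts`.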
Symantec has tracked numerous variations of the two new Mytob worms, with each threat being distributed from a number of different sender names and featuring a range of e-mail subject lines and message texts. Both Mytob.R and Mytob.S arrive in e-mails with subject lines that include the phrases "good day" and "mail transaction failed."
Most of the 13 iterations of the virus discovered since the beginning of this year are nearly identical, but one version, W32.Mytob.Q, which Symantec reported on Sunday, harbors a second low-threat virus, W32.Pinfi.
Source: C-Net News