Tuesday, March 29, 2005

New Worm Moving Quickly

A worm called Mytob is making its way quickly across the Internet. Like many of its predecessors, this is a mass-mailing worm. But it is different in that it is evolving and changing.

Just last week, eight new variations were found and over a dozen have been found since March 1. Just yesterday, Symantec reported finding two new variations. Both new worms achieved a low or moderate threat rating from Symantec, as have earlier variants of Mytob, but the company is still recommending that people update their security software immediately to protect against the emerging threat.

All of the Mytob variants are distributed via mass e-mail campaigns, feature so-called backdoor capabilities, and attack computers running Microsoft's Windows operating system. The worm uses its own SMTP (Simple Mail Transfer Protocol) engine to forward itself to e-mail addresses that it gathers from infected computers. The threat also spreads by exploiting the Local Security Authority Service Remote Buffer Overflow in Windows, an opening that Microsoft has already addressed in its periodic security updates.

The latest versions of Mytob also attempt to block infected computers from accessing the security update Web sites of companies such as Symantec, McAfee and Microsoft, by adding text to a compromised PC's Hosts file.

Symantec has tracked numerous variations of the two new Mytob worms, with each threat being distributed from a number of different sender names and featuring a range of e-mail subject lines and message texts. Both Mytob.R and Mytob.S arrive in e-mails with subject lines that include the phrases "good day" and "mail transaction failed."

I hope your virus definitions are up to date.
