Slew Of Mytob Worms Strike

KingFishKingFish
edited March 2005 in Science & Tech
Eight variations of the Mytob worm have appeared in the last five days, said Symantec Monday, all of them able to plant a backdoor on infected machines and prevent them from updating security software.
The eight -- dubbed Mytob.j through Mytob.s with some final letter designations skipped -- are mass-mailed worms that spread by sending themselves to addresses they find on the target Windows PC. They can also spread, said Symantec, by exploiting the LSASS vulnerability in Windows. That bug, first disclosed in an April 2004 security bulletin, http://www.microsoft.com/technet/security/bulletin/ms04-011.mspx has been patched by Microsoft. Still, it remains a favorite target of hackers, who continue to find unpatched systems.

Mytob also tries to prevent infected machines from reaching security update sites -- such as those operated by Symantec, Sophos, McAfee, and Microsoft -- by changing the PC's Hosts file.

The worm comes with a variety of subject headings and attached file names and formats, but it often appears with the subjects of "Mail Transaction Failed" and "Error."

All of the Mytob copycats have been labeled with a "2" warning level by Symantec, which uses a 1 through 5 system.
Source: TechWeb
Sign In or Register to comment.