Mytob worm variant spreads quickly

Posted on Monday, June 06 2005 @ 1:00 CEST by Thomas De Maesschalck
Sophos reports new variants of the Mytob worm are spreading quickly by e-mail. The e-mails have subjects like "*DETECTED* Online User Violation", "Your Email Account is Suspended For Security Reasons", "Important Notification", "Account Alert" and also others.

If a user opens the attachment the virus will try to deactivate security software and will deny access to many popular security websites. It will also install a backdoor on the computer to give unauthorised and remote users access to the system.

The creators of Mytob appear to be a group of virus writers called Hellbot. Having more than one writer may aid them in issuing several different variants in short time periods.
"The Mytob source codes suggest that the virus writers are following a carefully planned strategy, whereby the routine allows the virus to develop." "By issuing many threats, all of which are tweaked slightly differently, they may be searching for the elements of their malicious code that will help them create a super worm."

About the Author

Thomas De Maesschalck

Thomas has been messing with computer since early childhood and firmly believes the Internet is the best thing since sliced bread. Enjoys playing with new tech, is fascinated by science, and passionate about financial markets. When not behind a computer, he can be found with running shoes on or lifting heavy weights in the weight room.

Loading Comments