win32/Mytob.EA Worm Solution!

Discussion in 'NOD32 version 2 Forum' started by irnux, Jul 11, 2005.

Thread Status:
Not open for further replies.
  1. irnux

    irnux Registered Member

    Joined: Mar 28, 2005
    Posts: 24
    Location: Tehran

    We have a network protected with NOD32 Enterprise, and have also protected our Exchange Server with NOD32 XMON...

    Some of our clients get emails containing 'win32/Mytob.EA Worm'; the emails come from non-real (info, administrator, webmaster, support &...) users from our own local domain...
    NOD32 cleans the infected mails and deletes the worm, but how should we get rid of this worm and stop receiving this kind of mail...

    The worm sends our clients emails containing non-real information and ... an email like the one below...

    ------------------------------------------------------------
    From: info@domain.com [mailto:info@domain.com]
    Sent: 27/Jun/2005 12:00 AM
    To: Nasiri, Tofigh
    Subject: [virus Win32/Mytob.EA worm] bpbzwqw


    Dear Domain Member,

    We have temporarily suspended your email account nasiri@domain.com.

    This might be due to either of the following reasons:

    1. A recent change in your personal information (i.e. change of address).
    2. Submiting invalid information during the initial sign up process.
    3. An innability to accurately verify your selected option of subscription due to an internal error within our processors.
    See the details to reactivate your Mapna account.

    Sincerely,The Domain Support Team


    __________ NOD32 EMON 1.1155 (20050626) Warning __________

    Warning, NOD32 antivirus system found the following in the message:
    email important-details.zip - Win32/Mytob.EA worm - unable to clean - deleted

    http://www.eset.com


    --------------------------------------------------------------------
     
  2. mrtwolman

    mrtwolman Eset Staff Account

    Joined: Dec 5, 2002
    Posts: 613

    Uhm, the problem is, as you said, the fake email addy. It is generated by a worm and most likely comes from outside your company.... I am afraid there is not too much to do about this.
     
  3. webyourbusiness

    webyourbusiness Registered Member

    Joined: Nov 16, 2004
    Posts: 2,662
    Location: Throughout the USA and Canada

    but set up your mailserver to NOT handle bounces... it's a pitr...
     