Trend Micro Virus Alert - WORM_MYTOB.EG

Dear Trend Micro customer,

As of May 9, 2005 5:57 PM PST (Pacific Standard Time/GMT -8:00), TrendLabs has declared a Medium Risk Virus Alert to control the spread of WORM_MYTOB.EG. TrendLabs has received several infection reports indicating that this malware is spreading in the United States.

The following is a summary of this worm's routines:

This worm propagates by sending a copy of itself as an attachment to email messages, which it sends to target addresses, using its own Simple Mail Transfer Protocol (SMTP) engine.

It gathers target email addresses from the Temporary Internet Files folder, Windows address book (WAB), as well as from files with certain extension names. It may also generate email addresses by using a list of names and any of the domain names of the previously gathered addresses.

This worm has backdoor capabilities, which allow a remote user to perform malicious commands on the affected machine. The said routine provides remote users virtual control over affected systems, thus compromising system security.

Moreover, it prevents users from accessing several antivirus and security Web sites by redirecting the connection to the local machine.


TrendLabs will be releasing the following EPS deliverables:

TMCM Outbreak Prevention Policy 173 - released
Official Pattern Release 2.621.00 - to be released in 1hour
Damage Cleanup Template 592.00 - released

For more information on WORM_MYTOB.EG, you can visit our Web site at:
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MYTOB.EG

 

Symantec: W32.Mydoom.BQ@mm

Symantec's writeup on this worm: W32.Mydoom.BQ@mm

Tech Details: http://securityresponse.symantec.com/avcenter/venc/data/w32.mydoom.bq@mm.html#technicaldetails