Trend Micro Virus Alert - WORM_MYTOB.EG

Discussion in 'malware problems & news' started by Randy_Bell, May 10, 2005.

Thread Status:
Not open for further replies.
  1. Randy_Bell

    Dear Trend Micro customer,

    As of May 9, 2005 5:57 PM PST (Pacific Standard Time/GMT -8:00), TrendLabs has declared a Medium Risk Virus Alert to control the spread of WORM_MYTOB.EG. TrendLabs has received several infection reports indicating that this malware is spreading in the United States.

    The following is a summary of this worm's routines:

    This worm propagates by sending a copy of itself as an attachment to email messages, which it sends to target addresses, using its own Simple Mail Transfer Protocol (SMTP) engine.

    It gathers target email addresses from the Temporary Internet Files folder, Windows address book (WAB), as well as from files with certain extension names. It may also generate email addresses by using a list of names and any of the domain names of the previously gathered addresses.

    This worm has backdoor capabilities, which allow a remote user to perform malicious commands on the affected machine. The said routine provides remote users virtual control over affected systems, thus compromising system security.

    Moreover, it prevents users from accessing several antivirus and security Web sites by redirecting the connection to the local machine.


    TrendLabs will be releasing the following EPS deliverables:

    TMCM Outbreak Prevention Policy 173 - released
    Official Pattern Release 2.621.00 - to be released in 1 hour
    Damage Cleanup Template 592.00 - released

    For more information on WORM_MYTOB.EG, you can visit our Web site at:
    http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MYTOB.EG
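
Added example, not part of the original alert or forum post: the alert says the worm blocks antivirus and security Web sites by redirecting connections to the local machine. Assuming the redirection is done through hosts-file entries (the alert does not name the mechanism), this Python check lists hostnames that a hosts file maps to a loopback or unspecified address; the sample file, the `av-vendor.example` names and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample hosts file; entries are illustrative, not taken from the alert.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
127.0.0.1       www.trendmicro.com
127.0.0.1 update.av-vendor.example   # trailing comment
0.0.0.0         scan.av-vendor.example
192.0.2.10      intranet.corp.example
::1             localhost
"""

# Names that legitimately resolve to the local machine.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback"}


def is_local_sink(addr: str) -> bool:
    """True if addr is a loopback or unspecified (0.0.0.0 / ::) address."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return ip.is_loopback or ip.is_unspecified


def find_local_redirects(hosts_text: str, watchlist=None):
    """Return (line_no, address, hostname) for names mapped to the local machine.

    With a watchlist, only hostnames equal to or under a watched domain are reported.
    """
    findings = []
    for line_no, raw in enumerate(hosts_text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(entry) < 2 or not is_local_sink(entry[0]):
            continue
        for name in entry[1:]:  # one line may carry several aliases
            host = name.lower().rstrip(".")
            if host in LOCAL_NAMES:
                continue
            if watchlist and not any(host == d or host.endswith("." + d) for d in watchlist):
                continue
            findings.append((line_no, entry[0], host))
    return findings


if __name__ == "__main__":
    for finding in find_local_redirects(SAMPLE_HOSTS):
        print("suspicious hosts entry: line %d: %s -> %s" % finding)
```

On a Windows machine the file to pass in is normally `%SystemRoot%\System32\drivers\etc\hosts`; any entry reported for a security vendor's domain deserves investigation before it is removed.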
     