The Web    Google
4/27: Mytob-CY Worm Arrives as Email Attachment

4/27: Mytob-CY Worm Arrives as Email Attachment
April 27, 2005

Like other Mytob worm variants, Worm_Mytob.CY propagates by sending a copy of itself as an attachment to an email message, which it sends to target recipients using its own Simple Mail Transfer Protocol (SMTP) engine.

It gathers target email addresses from the Temporary Internet files folder, Windows address book (WAB), as well as from files with certain extension names. It may also generate email addresses by using a list of names and any of the domain names of the previously gathered addresses.

This worm also takes advantage of certain Windows vulnerabilities to propagate. For more information about these vulnerabilities, please refer to the following Microsoft Web pages:

Microsoft Security Bulletin MS04-011
Microsoft Security Bulletin MS03-026

This worm has backdoor capabilities, which allow a remote user to perform malicious commands on the affected machine. The said routine provides remote users virtual control over affected systems, thus compromising system security.

Moreover, it prevents users from acessing several antivirus and security Web sites by redirecting the connection to the local machine.

It also drops a component file, which is responsible for creating copies of this worm. The said component is detected by Trend Micro as WORM_MYTOB.J.

More information can be found at Trend Micro page.

  • 11/9: Rbot-PG Worm also a Trojan
  • 1/13: Expl_Iconex-A an Animated Cursor File
  • Security Experts On Alert for Large-Scale Hacker Assault
  • 4/6: Randex-DFJ Worm Attacks Passwords
  • New Tool Helps Ensure Users Employ Strong Passwords
  • In the Year 2005, Will Your Anti-Spam Arsenal Be the Same?
  • 6/3: Agobot-SU Controlled by IRC Bot
  • CEO Warns Threats are Coming from the Inside
  • 10/1: Spybot-EAS Remotely Controlled
  • Sun, Partners Develop Security Appliances
  • 2/17: Poebot-A Worm Has Backdoor Functions
  • Security Camera Price