The Web    Google
4/11: Mytob-AG Sends Copy of Itself

4/11: Mytob-AG Sends Copy of Itself
April 11, 2005

Like other WORM_MYTOB variants, Worm_Mytob-AG propagates by sending a copy of itself as an attachment to an email message, which it sends to target recipients using its own Simple Mail Transfer Protocol (SMTP) engine.

It gathers target email addresses from the Temporary Internet files folder, Windows address book (WAB), as well as from files with certain extension names. It may also generate email addresses by using a list of names and any of the domain names of the previously gathered addresses.

This worm also takes advantage of the following Windows vulnerabilities to propagate:

RPC/DCOM vulnerability
LSASS vulnerability

For more information about these vulnerabilities, please refer to the following Microsoft Web pages:

Microsoft Security Bulletin MS03-026
Microsoft Security Bulletin MS04-011

This worm has backdoor capabilities, which allow a remote user to perform malicious commands on the affected machine. The said routine provides remote users virtual control over affected systems, thus compromising system security.

Moreover, it prevents users from accessing several antivirus and security Web sites by redirecting the connection to the local machine.

It also drops a component file, which is responsible for creating copies of this worm. The said component is detected by Trend Micro as WORM_MYTOB.J.

Technical details can be found at Trend Micro page.

  • 2/21: MyDoom-BC an Email Worm for Windows
  • 2/23: Stang-A Worm Spreads Via MSN IM
  • 1/11: Symbos_Vlasco-B Virus Hits Bluetooth
  • 7/1: PWSteal.Refest Steals Banking Info
  • E-mail security and your legal liability
  • Should You Hack Your Own Network?
  • 2/23: Stang-A Worm Spreads Via MSN IM
  • Can Market Forces Secure the Internet?
  • 11/29: JS/Spawn-C an Encoded Worm
  • MARID Floats Sender ID Compromise
  • New Spam Scam Exploits Pope's Death
  • Security Camera Companies and products