 4/8: Mytob-S Worm Continues to Flourish |
 |
|
|
|
|
|
4/8: Mytob-S Worm Continues to Flourish
April 8, 2005
Anti-virus vendors continue to issue alerts for mass-mailing Mytob worm variant and backdoor Trojan W32/Mytob-S. According to Sophos, W32/Mytob.S targets users of Internet Relay Chat programs.
The worm drops the files msdirectx.sys (detected by Sophos's anti-virus products as Troj/NtRootK-F), winsys.exe (detected by Sophos's anti-virus products as Troj/Furoot-B) and coolbot.exe (detected by Sophos's anti-virus products as W32/Mytob-H). Note that W32/Mytob-S uses the filename "coolbot.exe" for both a copy of the original worm in the Windows system folder and as the dropped file in the root folder, though they are different files.
W32/Mytob-S is capable of spreading through email and through various operating system vulnerabilities.
More information can be found at Sophos page.
|
|
|
|
|
7/20: Mydoom.L@mm a Mass-Mailing Worm
2/28: Rbot-UC a Worm and Trojan
A case study in security incident forensics and response.
New Tool Helps Ensure Users Employ Strong Passwords
4/8: Mytob-S Worm Continues to Flourish
4/12: Mytob-AS Worm Uses SMTP Engine
FTC Seeks Court Order Against "Do Not Call" Web Site
Under the Radar: IM Emerging as a Stealth Threat
2/14: Dopbot-A Worm A Acts as IRC Bot
4/5: Bdoor-ZAT Trojan Opens Backdoor
2/14: Dopbot-A Worm A Acts as IRC Bot
Compare Security Camera Products
 |
