The Web    Google
4/8: Mytob-S Worm Continues to Flourish

4/8: Mytob-S Worm Continues to Flourish
April 8, 2005

Anti-virus vendors continue to issue alerts for mass-mailing Mytob worm variant and backdoor Trojan W32/Mytob-S. According to Sophos, W32/Mytob.S targets users of Internet Relay Chat programs.

The worm drops the files msdirectx.sys (detected by Sophos's anti-virus products as Troj/NtRootK-F), winsys.exe (detected by Sophos's anti-virus products as Troj/Furoot-B) and coolbot.exe (detected by Sophos's anti-virus products as W32/Mytob-H). Note that W32/Mytob-S uses the filename "coolbot.exe" for both a copy of the original worm in the Windows system folder and as the dropped file in the root folder, though they are different files.

W32/Mytob-S is capable of spreading through email and through various operating system vulnerabilities.

More information can be found at Sophos page.

  • Protecting Data While Protecting Your Job
  • 1/7: Sdbot-TB Worm Lets Hackers In Via IRC
  • AntiOnline Spotlight: Wireless Security
  • 2/21: Derdero-B Worm Uses File Sharing
  • 4/8: Cabir-J Worm Affects Symbian Phones
  • Tabbed Browsing Flaws Detected
  • FTC Seeks Court Order Against "Do Not Call" Web Site
  • 1/11: Agobot-OV Worm Connects to IRC Server
  • Blaming Users for Virus Chaos?
  • Will Users of Word 97 'Bug' Out?
  • 9/1: Bugbear-I a Mass-Mailing Worm
  • Home Security Camera Background