The Web    Google
5/20: Mytob-EU Worm Drops Copy

5/20: Mytob-EU Worm Drops Copy
May 20, 2005

Upon execution, Worm_Mytob.EU drops a copy of itself in the Windows system folder as T4SKGMR.EXE. It also drops the component file HELLMSN.EXE in the root folder (usually C:\). This component file further creates the following copies of this worm in the root folder:

  • MY_PHOTO2005.SCR

    Trend Micro detects HELLMSN.EXE as WORM_MYTOB.J.

    This worm exploits the following Windows vulnerabilities:

  • LSASS vulnerability

    Technical information can be found at Trend Micro page.

  • Bagle-AA Moves Maliciously into 3rd Place
  • 3/30: Kelvir-F IM Worm Sends Message
  • 3/25: Sdbot-WG a Worm and IRC Trojan
  • A Pattern Language For Spam
  • 9/1: Bugbear-I a Mass-Mailing Worm
  • Cisco Fixes a Pair of IOS Vulnerabilities
  • 10/12: Forbot-AZ Worm Has Backdoor
  • 11/8: Linkbot-A Exploits LSASS Flaw
  • 2/3: Rbot-VD a Worm and a Trojan
  • 1/27: Rbot-AIX Worm Has Backdoor Functions
  • Exploit for Windows SSL Flaw Circulating
  • Security Camera Companies and products