Utrecht, 9 May 2005 - Trend Micro today issued a "medium risk" alert for WORM_MYTOB.ED to raise awareness of this SMTP-based mass-mailing worm that pretends to be a legitimate email warning regarding a delivery error or an email account problem. Sightings of the worm have been reported in Europe and APAC.
WORM_MYTOB.ED is a memory-resident worm that propagates by sending a copy of itself as an attachment to an email message, which it sends to target recipients using its own Simple Mail Transfer Protocol (SMTP) engine. It harvests target email addresses from the Temporary Internet Folder, the Windows Address Book (WAB), as well as from files with certain extension names. It may also generate email addresses by using a list of names and any of the domain names of the previously gathered addresses.
WORM_MYTOB.ED also acts as an Internet Relay Chat (IRC) 'BOT' program, which allows a remote user to perform malicious commands, such as downloading or executing files, on an affected machine through IRC backdoors. Gaining remote access to an affected system directly compromises system security and leaves victims at risk of further malicious attacks.
Once a system has been infected, WORM_MYTOB.ED prevents users from accessing several antivirus and security Web sites by redirecting the connection from the local machine, thereby preventing them from identifying and removing the malware.
Since WORM_MYTOB first appeared on February 27, 2005, TrendLabs, Trend Micro's global antivirus research and support centers, have identified 100 different variants of this worm.
According to the April 2005 Monthly Virus Roundup, published by TrendLabs, WORM_MYTOB is similar to previous BOT worms like WORM_AGOBOT and WORM_RBOT (which exploit the LSASS vulnerability in Windows), but it differs in one respect: it spreads via email.
WORM_MYTOB.ED arrives in a file about 33 KB in size. It affects Windows 95, 98, ME, NT, 2000 and XP platforms.
Trend Micro customers are protected through the latest pattern file, number 2.619.00. Customers of Outbreak Prevention Services should download OPP 172 (or later) to help protect against spread of this threat. For customers of Damage Cleanup Services, Damage Cleanup template # 590 should be downloaded to help with automated restoration of affected systems.
Other users should use Trend Micro's free online virus scanner, Housecall, which can be found at housecall.trendmicro.com/
For more information on WORM_MYTOB.ED, please visit here.
# # #
About Trend Micro
Trend Micro is a leader in network antivirus and Internet content security software and services. The Tokyo-based corporation has business units worldwide. Trend Micro products are sold through corporate, value-added resellers and managed service providers. For additional information and evaluation copies of all Trend Micro products, visit: www.trendmicro.com.
Trend Micro and the t-ball logo are trademarks or registered trademarks of Trend Micro Incorporated. All other company or product names may be trademarks or registered trademarks of their owners. Information is accurate at the time it was written and is subject to change without notice.
# # #
For more information:
Trend Micro
Mireille Boetje
Tel: +31 (0)30 2106 333
E-mail: mireille_boetje@trendmicro.co.uk
Lammers van Toorenburg Benelux PR
Anja Breunis / Annegees van Linge
Tel: +31 (0)30 6565 070
E-mail: trendmicro@lvtpr.nl