This new email threat could be highly disruptive in a network of unpatched Windows workstations or servers. It is a two-part virus: it spreads first by email using the MyDoom virus, then launches a Spybot variant in the internal network that tries to spread via the MS04-011 LSASS exploit on port 435.
Mytob A/B/C variants - MyDoom and Spybot combination
http://www.sarc.com/avcenter/venc/data/w32.mytob@mm.html
http://www.sarc.com/avcenter/venc/data/w32.mytob.b@mm.html
http://www.sarc.com/avcenter/venc/data/w32.mytob.c@mm.html
W32.Mytob@mm is a mass-mailing worm that uses its own SMTP engine to send email to addresses that it gathers from the Windows Address Book on the compromised computer. The worm can also open a back door and spread through the network by exploiting the Microsoft Windows Local Security Authority Service Remote Buffer Overflow (described in Microsoft Security Bulletin MS04-011).
EMAIL FORMAT
From: Spoofed
Subject of email:
hello
hi
error
status
test
Mail Transaction Failed
Mail Delivery System
SERVER REPORT
(No Subject)
(random letters)
Name of attachment:
Varies with a .bat, .cmd, .exe, .pif, .scr, or .zip file extension
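
A mail-gateway style check built from the subject and attachment lists above, as an added example that is not part of the original advisory. The function names, the constructed sample messages, and the reading of the random-letter subject as a single run of letters are assumptions.

```python
import os
from email import message_from_bytes, policy
from email.message import EmailMessage

# Indicators taken from the advisory's EMAIL FORMAT list.
SUBJECTS = {"hello", "hi", "error", "status", "test", "mail transaction failed",
            "mail delivery system", "server report", "(no subject)", ""}
EXTENSIONS = {".bat", ".cmd", ".exe", ".pif", ".scr", ".zip"}

def subject_matches(subject):
    s = (subject or "").strip().lower()
    # Assumption: the random-letter subject is one run of letters, no spaces.
    return s in SUBJECTS or s.isalpha()

def listed_attachments(msg):
    """Return attachment filenames whose extension is on the advisory's list."""
    names = [p.get_filename() for p in msg.walk() if p.get_filename()]
    return [n for n in names
            if os.path.splitext(n.strip().lower())[1] in EXTENSIONS]

def check_message(raw):
    """Flag only when subject AND attachment match; either alone is too common."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = listed_attachments(msg)
    subj = subject_matches(msg["Subject"])
    return {"subject": subj, "attachments": hits, "flag": subj and bool(hits)}

def build_sample(subject, filename):
    """Constructed test message (not a real sample); payload is placeholder bytes."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "user@example.com"
    if subject is not None:
        m["Subject"] = subject
    m.set_content("constructed body")
    if filename:
        m.add_attachment(b"placeholder", maintype="application",
                         subtype="octet-stream", filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    for subj, fn in [("Mail Transaction Failed", "document.scr"),
                     ("Quarterly report for review", "report.zip"),
                     ("hello", None), (None, "qwkz.PIF")]:
        print(repr(subj), fn, check_message(build_sample(subj, fn)))
```

The From header is ignored because the advisory lists it as spoofed, and a subject match alone is never flagged since the listed subjects are common in legitimate mail.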