Common Tasks

Recent Posts

Community

Email Notifications

Personal Links

Archives

Security Protection - Harry Waldron (CS)

Security Best Practices, Breaking News, & Updates

Mytob virus - 4 new variants spread by email & MS04-011 exploit

W32.Mytob.M@mm

W32.Mytob.O@mm

W32.Mytob.K@mm

W32.Mytob.L@mm

W32.Mytob.M@mm is a mass-mailing worm with back door capabilities. The worm uses its own SMTP engine to send email to addresses that it gathers from the compromised computer. The worm also spreads by exploiting the Microsoft Windows Local Security Authority Service Remote Buffer Overflow, as described in Microsoft Security Bulletin MS04-011

EMAIL MESSAGES TO BLOCK OR AVOID

Subject: One of the following:

  • Good day
  • hello
  • Mail Delivery System
  • Mail Transaction Failed
  • Server Report
  • Status
  • Error
  • [No Subject]
  • [random letters]

    Message: One of the following:
  • Here are your banks documents.
  • The original message was included as an attachments.
  • The message cannot be represented in 7-bit ASCII encoding and has been sent as a binary attachment.
  • The message contains Unicode characters and has been sent as a binary attachment.
  • Mail transaction failed. Partial message is available.
  • [Random data]

    Attachment: One of the following:
  • document
  • readme
  • doc
  • text
  • file
  • data
  • test
  • message
  • body
  • [random letters]

    with one of the following extensions:
  • .bat
  • .cmd
  • .exe
  • .pif
  • .scr
  • .zip
    • Posted: Mar 26 2005, 07:00 AM by Harry Waldron | with no comments