Mytob virus - 4 new variants spread by email & MS04-011 exploit
W32.Mytob.M@mm is a mass-mailing worm with back door capabilities. The worm uses its own SMTP engine to send email to addresses that it gathers from the compromised computer. The worm also spreads by exploiting the Microsoft Windows Local Security Authority Service Remote Buffer Overflow, as described in Microsoft Security Bulletin MS04-011.
EMAIL MESSAGES TO BLOCK OR AVOID
Subject: One of the following:
Mail Delivery System
Mail Transaction Failed
Message: One of the following:
Here are your banks documents.
The original message was included as an attachments.
The message cannot be represented in 7-bit ASCII encoding and has been sent as a binary attachment.
The message contains Unicode characters and has been sent as a binary attachment.
Mail transaction failed. Partial message is available.
Attachment: One of the following:
with one of the following extensions:
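A mail-gateway check built from the subject and message strings listed above, as an added example that is not part of the original advisory. The attachment names and extensions are not given on this page, so the check only tests that some attachment is present; the function names, the sample messages and the rule of requiring all three signals together are assumptions.

```python
import email
from email import policy
from email.message import EmailMessage

# Indicators copied verbatim from the advisory text above.
SUBJECTS = {"mail delivery system", "mail transaction failed"}
BODIES = [
    "Here are your banks documents.",
    "The original message was included as an attachments.",
    "The message cannot be represented in 7-bit ASCII encoding and has "
    "been sent as a binary attachment.",
    "The message contains Unicode characters and has been sent as a "
    "binary attachment.",
    "Mail transaction failed. Partial message is available.",
]

def _norm(text):
    """Collapse whitespace and lowercase so wrapped lines still match."""
    return " ".join(text.split()).lower()

def matches_advisory(raw_bytes):
    """True when subject, body text and an attachment all match."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    subject_hit = _norm(str(msg.get("Subject", ""))) in SUBJECTS
    part = msg.get_body(preferencelist=("plain",))
    body = _norm(part.get_content()) if part is not None else ""
    body_hit = any(_norm(b) in body for b in BODIES)
    has_attachment = any(True for _ in msg.iter_attachments())
    # A genuine bounce can share a subject line, so require all three.
    return subject_hit and body_hit and has_attachment

def make_sample(subject, body, attach):
    """Build a constructed test message (not a captured worm sample)."""
    m = EmailMessage()
    m["Subject"] = subject
    m["From"] = "sender@example.com"
    m["To"] = "user@example.com"
    m.set_content(body)
    if attach:
        m.add_attachment(b"constructed placeholder bytes",
                         maintype="application", subtype="octet-stream",
                         filename="placeholder.bin")
    return m.as_bytes()

if __name__ == "__main__":
    hit = make_sample("Mail Transaction Failed", BODIES[4], True)
    bounce = make_sample("Mail Delivery System", "Delivery failed.", False)
    print(matches_advisory(hit), matches_advisory(bounce))
```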