MS04-011: Dozen new Mytob variants emerge over the weekend
About one dozen new variants of Mytob emerged over the past weekend. This virus spreads by email and exploitation of unpatched Windows systems (MS03-026 and MS04-011). This family of viruses is apparently easy to clone and it may become the next Spybot or Agobot when it comes to active development of new variants.
Six of the Latest Variants
This worm also takes advantage of the following Windows vulnerabilities to propagate:
- RPC/DCOM vulnerability
- LSASS vulnerability
For more information about these vulnerabilities, please refer to the following Microsoft Web pages:
Modifies files: Modifies the Hosts file.
Compromises security settings: Blocks access to several security-related web sites.
Name of attachment: Varies with a .bat, .cmd, .exe, .pif, .scr, or .zip file extension.
FORMAT OF EMAIL MESSAGE
Subject: (One of the following)
Mail Delivery System
Mail Transaction Failed
Message: (One of the following)
* Here are your banks documents.
* The original message was included as an attachment.
* The message cannot be represented in 7-bit ASCII encoding and has been sent as a binary attachment.
* The message contains Unicode characters and has been sent as a binary attachment.
* Mail transaction failed. Partial message is available.
Attachment: (One of the following)
Extensions: pif, scr, exe, bat, cmd, zip