MSMVPS.COM

The Ultimate Destination for Blogs by Current and Former Microsoft Most Valuable Professionals.

Harry Waldron - Corporate and Home Security

Latest Security Developments and Best Practices are shared to help keep users safe

MS04-011: MYTOB.AR - New MEDIUM RISK worm

Trend and Secunia have issued MEDIUM RISK alerts for MYTOB.AR. Click the links below for more information:

MYTOB.AR - Secunia alert MEDIUM RISK

TREND MICRO - MEDIUM RISK

MYTOB.CU - Symantec

W32/Mytob.bh - McAfee (DAT 4502)

quote:  As of May 30, 2005 3:08 AM (PDT/GMT-7:00), TrendLabs has declared a MEDIUM risk alert in order to control the spread of WORM_MYTOB.AR. TrendLabs has received several infection reports indicating that this worm is currently spreading in Australia, China, Hongkong, India, Japan, Korea, Philippines, Taiwan, and the United States.

Similar to other MYTOB variants, this memory-resident worm propagates by sending a copy of itself as an attachment (file size is around 29,868 to 29,882 bytes) to an email message, which it sends to target recipients using its own Simple Mail Transfer Protocol (SMTP) engine.

EXAMPLE - Usually an EMAIL delivery or account issue

 

EMAIL FORMAT

Subject: (any of the following)
• {Random}
• *DETECTED* Online User Violation
• *IMPORTANT* Please Validate Your Email Account
• *IMPORTANT* Your Account Has Been Locked
• *WARNING* Your Email Account Will Be Closed
• Account Alert
• Email Account Suspension
• Important Notification
• Notice of account limitation
• Notice: **Last Warning**
• Notice:***Your email account will be suspended***
• Security measures
• Your email account access is restricted
• Your Email Account is Suspended For Security Reasons

Attachment: (any combination of the following file names and extension names)

File name:
• {random}
• account-details
• document
• document_full
• email-doc
• email-info
• info
• information
• info-text
• instructions
• your_details

Extension name: BAT, CMD, EXE, PIF, SCR, ZIP
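The following sketch is an added example, not code from the original post or from any of the vendors cited. It shows how a mail filter could check a parsed message against the subject lines, attachment names, extensions and attachment size range listed above. The function names `score_message` and `build_sample` are hypothetical, and the sample message is constructed test data.

```python
import email
from email.message import EmailMessage

# Indicators copied from the alert text; "{Random}" entries cannot be matched by value.
SUBJECTS = {s.lower() for s in (
    "*DETECTED* Online User Violation",
    "*IMPORTANT* Please Validate Your Email Account",
    "*IMPORTANT* Your Account Has Been Locked",
    "*WARNING* Your Email Account Will Be Closed",
    "Account Alert", "Email Account Suspension", "Important Notification",
    "Notice of account limitation", "Notice: **Last Warning**",
    "Notice:***Your email account will be suspended***",
    "Security measures", "Your email account access is restricted",
    "Your Email Account is Suspended For Security Reasons",
)}
NAMES = {"account-details", "document", "document_full", "email-doc", "email-info",
         "info", "information", "info-text", "instructions", "your_details"}
EXTS = {"bat", "cmd", "exe", "pif", "scr", "zip"}
SIZE_RANGE = range(29868, 29883)  # "around 29,868 to 29,882 bytes" per the alert

def score_message(msg):
    """Return the list of alert indicators that a parsed message matches."""
    reasons = []
    subject = " ".join(str(msg.get("Subject", "")).split()).lower()
    if subject in SUBJECTS:
        reasons.append("subject")
    for part in msg.walk():
        fname = part.get_filename()
        if not fname:
            continue  # not an attachment
        stem, _, ext = fname.lower().rpartition(".")
        if ext in EXTS:
            reasons.append("extension:" + ext)
            if stem in NAMES:
                reasons.append("filename:" + stem)
        if len(part.get_payload(decode=True) or b"") in SIZE_RANGE:
            reasons.append("size")
    return reasons

def build_sample(subject, filename, size):
    """Constructed message with a harmless zero-filled attachment (test data only)."""
    msg = EmailMessage()
    msg["Subject"], msg["From"], msg["To"] = subject, "a@example.com", "b@example.com"
    msg.set_content("constructed body")
    msg.add_attachment(b"\0" * size, maintype="application",
                       subtype="octet-stream", filename=filename)
    return email.message_from_bytes(msg.as_bytes())  # round-trip through wire format

if __name__ == "__main__":
    print(score_message(build_sample("Account Alert", "email-doc.pif", 29870)))
```

A single match, especially on size or extension alone, is a weak signal; the value is in several indicators agreeing on one message.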

May 30 2005, 11:26 AM by Harry Waldron