Security Manifest

Benjamin Johnstone-Anderson, Microsoft MVP - Windows Security

Mobatu.B Develops New Worm Family

Low Risk So Far

The second version of the Mobatu, or Mota, worm family has appeared, in the form of Mobatu.B. So far, most antivirus programs have added detection and the worm is rated as low risk. Thus, it is unlikely that there will be any significant spread. However, subsequent variants could be more troublesome.

Mobatu.B is a moderately complex mass-mailer, using multiple possible subject lines, many of which suggest pornographic content. The worm is also capable of adding its attachments to .zip files (this does not always happen). Spoofing is also used to disguise the sender. This suggests that additional, more complex functionality could later be added to this family.

The only payload of this low-damage worm is to connect to one of many servers for the IRC network undernet.org, probably to allow for backdoor commands. The worm's file size is always 32,786 bytes.
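A mail-gateway triage check built on the two traits described above (the fixed 32,786-byte file size and the occasional .zip wrapping), given here as an added example that is not part of the original post. It assumes the attachment is the worm file itself; the function names, file names and sample messages are constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes
from email.message import EmailMessage

MOBATU_B_SIZE = 32786  # file size stated in the write-up above

def suspicious_attachments(raw_message: bytes, size: int = MOBATU_B_SIZE):
    """Return (attachment name, zip member or None) for every size match."""
    hits = []
    for part in message_from_bytes(raw_message).walk():
        name = part.get_filename()
        if not name:
            continue  # not an attachment (body text or multipart container)
        data = part.get_payload(decode=True) or b""
        if len(data) == size:
            hits.append((name, None))
        # The worm sometimes wraps its attachment in a .zip, so also compare
        # the uncompressed size recorded for each archive member.
        if zipfile.is_zipfile(io.BytesIO(data)):
            try:
                with zipfile.ZipFile(io.BytesIO(data)) as zf:
                    for info in zf.infolist():
                        if info.file_size == size:
                            hits.append((name, info.filename))
            except zipfile.BadZipFile:
                continue  # truncated or malformed archive: nothing to compare
    return hits

def build_sample(filename: str, payload: bytes) -> bytes:
    """Constructed test message; the payload is filler bytes, not malware."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "rcpt@example.com"
    msg["Subject"] = "constructed sample"
    msg.set_content("body")
    msg.add_attachment(payload, maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()

def zip_bytes(member: str, payload: bytes) -> bytes:
    """Build an in-memory .zip holding one member (constructed sample)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(member, payload)
    return buf.getvalue()
```

A size match alone is only a triage hint, since unrelated files can share the same length; confirm any hit with an antivirus signature before acting on it.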

Posted: Jul 31 2004, 09:26 PM by trafton | with 5 comment(s)