Worm MyTob
Variants of the MyTob worm have been observed spreading in the wild. It is a low-risk worm with numerous variants. Worms in this series use their own SMTP engine to send email to addresses gathered from files on the compromised computer. The email has a variable subject and attachment name. The attachment has a .bat, .cmd, .doc, .exe, .htm, .pif, .scr, .tmp, .txt, or .zip file extension. The worm has backdoor capabilities, which enable it to connect to Internet Relay Chat (IRC) servers such as 18.xxor.bi, shell15.fiberirc.net and shell16.fiberirc.net on different TCP ports. Once a connection is established, it joins IRC channels such as #m-rl1, where it listens for commands from a remote malicious user. Some variants of MyTob also attempt to prevent access to all major antivirus and security sites by adding entries to the HOSTS file that redirect related queries to the local host (127.0.0.1). The worm was discovered on February 26, and the latest variant, MyTob.AN, was reported on 11th April 2005.
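The HOSTS file tampering described above can be checked for on a suspect machine. The following is an added example, not part of the original advisory: it scans HOSTS file text for watched security-site names mapped to a loopback address. The watchlist domains and the sample file are constructed placeholders; substitute the vendor sites your organisation relies on.

```python
import ipaddress

# Constructed watchlist: placeholder domains standing in for the antivirus and
# security sites to monitor (assumption, not taken from the advisory).
WATCHLIST = {"av-vendor.example", "updates.security-site.example"}


def is_loopback(addr):
    """True for 127.0.0.0/8 and ::1; False for anything unparsable."""
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False


def on_watchlist(host, watchlist):
    """Match the watched domain itself or any subdomain of it."""
    return any(host == d or host.endswith("." + d) for d in watchlist)


def find_redirects(hosts_text, watchlist=WATCHLIST):
    """Return (line number, address, hostname) for each watched name
    that the HOSTS file points at a loopback address."""
    findings = []
    for lineno, raw in enumerate(hosts_text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(fields) < 2 or not is_loopback(fields[0]):
            continue
        for name in fields[1:]:  # one line may carry several aliases
            host = name.lower().rstrip(".")
            if on_watchlist(host, watchlist):
                findings.append((lineno, fields[0], host))
    return findings


# Constructed sample HOSTS file content for demonstration.
SAMPLE_HOSTS = """\
# constructed sample HOSTS file
127.0.0.1   localhost
127.0.0.1   www.av-vendor.example   # tampered entry
127.0.0.1 updates.security-site.example av-vendor.example
10.0.0.5    intranet.corp.example
#127.0.0.1  av-vendor.example  (commented out, ignored)
"""

if __name__ == "__main__":
    for lineno, addr, host in find_redirects(SAMPLE_HOSTS):
        print(f"line {lineno}: {host} -> {addr}")
```

On Windows the file to read is normally %SystemRoot%\System32\drivers\etc\hosts; any finding warrants inspecting the machine further, since a legitimate HOSTS file rarely maps security vendor sites to loopback.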
Disclaimer
The information provided herein is on "as is" basis, without warranty of any kind.
Contact Information

Phone: +91 11-24368572
Postal address:
Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003
