Mytob Worm Threat May Be Serious

    June 6, 2005
    WebProNews Staff

Security researchers urge users and administrators to update antivirus signature files and verify their systems have been patched.

Mytob variants seem to account for more than half of the top twenty reported viruses in the wild today, according to researchers at antivirus software maker Sophos.

The Mytob worms come in an attachment to an e-mail. The message in the e-mail usually purports to be from an administrator and tells users their e-mail accounts are about to be suspended.

Possible subject headers for the worm include “*IMPORTANT* Please Validate Your Email Account” and “Notice: **Last Warning**.”

The latest version of the mass mailing worm poses a lot of problems if it infects a machine. It can open a backdoor in a system, allowing it to be controlled remotely. And it can redirect browser requests to some antivirus web sites to the local machine and cause them to fail.

Another variant of Mytob called contains spyware elements. There is concern among security researchers that this new version could be a way for spyware makers to profit financially from it.

A Sophos consultant says the Mytob worms may be the creation of a group of virus writers called Hellbot. Carole Theriault thinks the writers may be following a strategy of tweaking Mytob until they find a combination of elements that lets them create a superworm.

David Utter is a staff writer for WebProNews covering technology and business. Email him here.