
Thread: Email Worm Alert | W32.Mytob.DA@mm

  1. #1
    Well, I'm sure there's a dozen ways to do this, but I received an email form saying...
    We regret to inform you that your account has been suspended due to the violation of our site policy, more info is attached.
    The attachment is labeled "" which contains 1 file cleverly labeled
    email-info.htm                                                                      .exe 
    Seems they've inserted lots of spaces so that you won't see the actual extension. I have scanned with Symantec, which is updated and has found nothing. I have also scanned with AVG, which only flags the fact that it has a hidden extension and nothing more. I've spoken to a rep and it seems this has just started and may be a growing problem, so be aware of anything similar then. I am currently taking a look on my Virtual Machine now...
    Last edited by RealitY; 06-02-2005 at 07:08 PM.

  3. Internet, Programming and Graphics   -   #2
    Well, I thought it was odd that two scanners came up with nothing, so I tried a different one also...

    Kaspersky Online Virus Scanner
    Detection added Jun 02 2005
    Behavior Net-Worm

    Kaspersky Anti-Virus has detected a virus in the file you have submitted.
    Scanned file:
    ~ .exe - infected by

    Known viruses: 132116 Updated: 02-06-2005
    File size (Kb): 62 Virus bodies: 1
    Files: 1 Warnings: 0
    Archives: 1 Suspicious: 0
    Closest thing I've found on Symantec site
    Discovered on: June 02, 2005
    Last Updated on: June 02, 2005 10:31:40 AM

    W32.Mytob.DA@mm is a mass-mailing worm that has back door capabilities and uses its own SMTP engine to send an email to addresses that it gathers from the compromised computer.

    Also Known As: Win32.Mytob.DT [Computer Associates], [Kaspersky Lab], W32/Mytob.gen@MM [McAfee], W32/Mytob-P [Sophos], WORM_MYTOB.BY [Trend Micro]

    Type: Worm
    Infection Length: 62,464 bytes

    Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP

    It seems that's the one, as it matches the name at Kaspersky, but hasn't been updated as of yet.
    Last edited by RealitY; 06-02-2005 at 07:31 PM.

  4. Internet, Programming and Graphics   -   #3
    tesco, FST Programmer, Join Date: Aug 2003
    NOD32 found it.

    That was it stopping the file from being created by MSN.

    As a rar file, NOD32 didn't see it until I tried to extract.
    Last edited by tesco; 06-02-2005 at 07:36 PM.
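
The padded attachment name described in the first post (a harmless-looking `.htm` name, a long run of spaces, then `.exe`) can be flagged by a filename check in a mail filter or triage script. This is an added example, not code from the thread; the extension lists, the three-space threshold and the function name `inspect_attachment_name` are assumptions of the example.

```python
import re

# Extensions Windows executes directly (assumed list for this example, not exhaustive).
EXECUTABLE_EXTS = {"exe", "scr", "pif", "com", "bat", "cmd", "vbs", "js"}
# Harmless-looking extensions often used as the visible, decoy part of a name.
DECOY_EXTS = {"htm", "html", "txt", "doc", "pdf", "jpg", "gif", "zip"}
# Three or more consecutive whitespace characters: enough to push the real
# extension out of a typical attachment-list column (assumed threshold).
PADDING = re.compile(r"\s{3,}")


def inspect_attachment_name(name):
    """Return a list of reasons the filename looks deceptive (empty if none)."""
    reasons = []
    # Trailing whitespace is dropped first so "x.exe " still resolves to .exe.
    stem, dot, ext = name.rstrip().rpartition(".")
    ext = ext.lower()
    if not dot or ext not in EXECUTABLE_EXTS:
        return reasons  # the real extension is not directly executable
    if PADDING.search(stem):
        reasons.append("whitespace padding before ." + ext)
    # With the padding stripped, does the visible part end in a decoy extension?
    visible = stem.rstrip()
    _, vdot, vext = visible.rpartition(".")
    if vdot and vext.lower() in DECOY_EXTS:
        reasons.append("decoy extension ." + vext.lower() + " before ." + ext)
    return reasons


# Constructed sample names; the first mirrors the pattern described in the post.
SAMPLES = [
    "email-info.htm" + " " * 70 + ".exe ",
    "report.pdf.scr",
    "setup.exe",
    "notes.htm",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(repr(sample[:20]), "->", inspect_attachment_name(sample) or "ok")
```

A name that returns any reason is worth quarantining regardless of scanner verdict, since the thread shows signature coverage lagging on the day the sample appeared.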

