Email Worm Alert Worm.Win32.Mytob.bd | W32.Mytob.DA@mm
Well, I'm sure there's a dozen ways to do this, but I received an email from [email protected] saying...
Quote:
We regret to inform you that your account has been suspended due to the violation of our site policy, more info is attached.
The attachment is labeled "email-info.zip" which contains 1 file cleverly labeled
PHP Code:
email-info.htm .exe
Seems they've inserted lots of spaces so that you won't see the actual extension. I have scanned with Symantec, which is updated, and it has found nothing. I have also scanned with AVG, which only flags the fact that it has a hidden extension and nothing more. I've spoken to a rep and it seems this has just started and may be a growing problem, so be aware of anything similar then. I am currently taking a look on my Virtual Machine now...
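One way to flag the disguise described in the post above (a decoy extension, a run of spaces, then the real executable extension) by listing ZIP member names without extracting them. This is an added example, not code from the thread or from any of the scanners mentioned; the extension lists and function names are assumptions, and the sample archive is constructed with harmless placeholder content.

```python
import io
import re
import zipfile

# Extensions Windows will execute on double-click (a partial, assumed list).
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd"}
# A run of 2+ whitespace characters immediately before the final extension.
PADDING_RE = re.compile(r"\s{2,}(\.[A-Za-z0-9]{1,5})$")
# A document-like "decoy" extension anywhere before the real one (assumed list).
DECOY_RE = re.compile(r"\.(html?|txt|docx?|pdf|jpe?g|gif|zip)\b", re.IGNORECASE)


def check_name(name):
    """Return a list of reasons this file name looks disguised."""
    stem, dot, ext = name.replace("\\", "/").rsplit("/", 1)[-1].rpartition(".")
    real_ext = (dot + ext).lower() if dot else ""
    if real_ext not in EXECUTABLE_EXTS:
        return []
    reasons = []
    if PADDING_RE.search(name):
        reasons.append("whitespace padding before " + real_ext)
    if DECOY_RE.search(stem):
        reasons.append("decoy extension before " + real_ext)
    return reasons


def scan_zip(data):
    """Map each suspicious member name in a ZIP (bytes) to its reasons."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        hits = {n: check_name(n) for n in zf.namelist()}
    return {n: r for n, r in hits.items() if r}


def build_sample_zip():
    """Constructed sample: placeholder bytes stored under test names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("email-info.htm" + " " * 60 + ".exe", b"placeholder")
        zf.writestr("readme.txt", b"placeholder")
        zf.writestr("setup.exe", b"placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    for member, why in scan_zip(build_sample_zip()).items():
        print(repr(member), "->", "; ".join(why))
```

Printing the name with `repr()` keeps the padding visible in a terminal, which is exactly what a truncated file-manager column hides.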
Well, I thought it was odd that two scanners came up with nothing, so I tried a different one also...
Kaspersky Online Virus Scanner
Quote:
Detection added Jun 02 2005
Behavior Net-Worm
Attention!
Kaspersky Anti-Virus has detected a virus in the file you have submitted.
Scanned file: email-info.zip
~ .exe - infected by Net-Worm.Win32.Mytob.bd
Statistics:
Known viruses: 132116 Updated: 02-06-2005
File size (Kb): 62 Virus bodies: 1
Files: 1 Warnings: 0
Archives: 1 Suspicious: 0
Closest thing I've found on the Symantec site
Quote:
Discovered on: June 02, 2005
Last Updated on: June 02, 2005 10:31:40 AM
W32.Mytob.DA@mm is a mass-mailing worm that has back door capabilities and uses its own SMTP engine to send an email to addresses that it gathers from the compromised computer.
Also Known As: Win32.Mytob.DT [Computer Associates], Net-Worm.Win32.Mytob.bd [Kaspersky Lab], W32/Mytob.gen@MM [McAfee], W32/Mytob-P [Sophos], WORM_MYTOB.BY [Trend Micro]
Type: Worm
Infection Length: 62,464 bytes
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP
http://[email protected]
It seems that's the one, as it matches the name at Kaspersky, but it hasn't been updated as of yet.
NOD32 found it.
http://img140.echo.cx/img140/8657/my...hot68md.th.jpg
That was it stopping the file from being created by MSN.
As a rar file, NOD32 didn't see it until I tried to extract.