Thread: Email Worm Alert Worm.Win32.Mytob.bd | W32.Mytob.DA@mm

  1. #1
    Well I'm sure there's a dozen ways to do this but I received an email from [email protected] saying...
    We regret to inform you that your account has been suspended due to the violation of our site policy, more info is attached.
    The attachment is labeled "email-info.zip" which contains 1 file cleverly labeled
    email-info.htm                                                                      .exe 
    Seems they've inserted lots of spaces so that you won't see the actual extension. I have scanned with Symantec which is updated and has found nothing. I have also scanned with AVG which only flags the fact that it has a hidden extension and nothing more. I've spoken to a rep and it seems this has just started and may be a growing problem, so be aware of anything similar. I am currently taking a look on my Virtual Machine now...
    Last edited by RealitY; 06-02-2005 at 07:08 PM.

  2. #2
    Well I thought it was odd that two scanners came up with nothing so I tried a different one also...

    Kaspersky Online Virus Scanner
    Detection added Jun 02 2005
    Behavior Net-Worm

    Attention!
    Kaspersky Anti-Virus has detected a virus in the file you have submitted.
    Scanned file: email-info.zip
    ~ .exe - infected by Net-Worm.Win32.Mytob.bd

    Statistics:
    Known viruses: 132116 Updated: 02-06-2005
    File size (Kb): 62 Virus bodies: 1
    Files: 1 Warnings: 0
    Archives: 1 Suspicious: 0

    Closest thing I've found on the Symantec site:
    Discovered on: June 02, 2005
    Last Updated on: June 02, 2005 10:31:40 AM

    W32.Mytob.DA@mm is a mass-mailing worm that has back door capabilities and uses its own SMTP engine to send an email to addresses that it gathers from the compromised computer.

    Also Known As: Win32.Mytob.DT [Computer Associates], Net-Worm.Win32.Mytob.bd [Kaspersky Lab], W32/Mytob.gen@MM [McAfee], W32/Mytob-P [Sophos], WORM_MYTOB.BY [Trend Micro]

    Type: Worm
    Infection Length: 62,464 bytes

    Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP
    http://[email protected]

    It seems that's the one as it matches the name at Kaspersky but hasn't been updated as of yet.
    Last edited by RealitY; 06-02-2005 at 07:31 PM.

  3. #3
    NOD32 found it.

    That was it stopping the file from being created by MSN.

    As a rar file NOD32 didn't see it until I tried to extract.
    Last edited by tesco; 06-02-2005 at 07:36 PM.
