Two New Variants Of The Mytob Worm Allow Remote Control Of Infected Computers
Wednesday, 11 May 2005 12:00 EST
05/10/2005. The creator (or creators) of the Mytob worms are continuing in their attempt to spread as much malicious code across the Internet as possible. With the detection of the new CU and CX variants, there are now 103 members of this family of worms.
The great danger of the Mytob worms lies in the fact that they have backdoor characteristics, allowing remote control of the computers that they infect. According to Luis Corrons, director of PandaLabs: "The real intention of the creators of these worms is to form a network of infected computers, obeying their orders in unison. This will allow them, for example, to install the same spyware program on hundreds of computers at the same time. Any of these actions could generate significant financial income for the creators".
The new variants of Mytob are similar to their predecessors. They spread via email in messages that simulate notices warning of problems with mail accounts or sent messages. The emails in which these worms are sent include subjects like: “Your email account access is restricted” or “Your Email Account is Suspended For Security Reasons”. The message text can contain messages such as: “To unblock your email account acces, please see the attachment” or “We have suspended some of your email services, to resolve the problem you should read the attached document”.
Finally the attachment to the message, which actually contains the worm, could have names including: “email-info”, “email-text” or “email-doc”.
(The full list of variations is available in Panda Software’s Virus Encyclopedia).
If a user were to run the file attached to these messages, the worm would create a file called internet.exe, and look for email addresses to send itself to in files with a wide range of extensions. In addition, it shuts down processes belonging to certain security applications and modifies the HOSTS file to prevent users from accessing various web addresses, mainly sites related to IT security.
Finally, it connects to a certain IRC server where it awaits orders from the attacker and makes several Windows registry entries to ensure it is run on every system startup.
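The two traces described above that an administrator can check for on a Windows host are a HOSTS file that overrides security-vendor hostnames and a startup (Run) entry that launches the dropped file. The following is an added example written for this article, not code from Panda Software or from the worm analysis; it runs offline over constructed sample data. The watchlist of vendor domains, the sample HOSTS text and the sample Run entries are assumptions made for illustration, and the only dropped-file name it knows is the internet.exe mentioned above.

```python
"""Defender-side audit of two Mytob-style traces: HOSTS overrides of
security-vendor names, and Run-key entries that start a dropped file.
All sample data below is constructed for the example."""
from __future__ import annotations

import ntpath  # parses Windows paths correctly even when run on Linux/macOS

# Assumed watchlist: hostnames whose presence in HOSTS is suspicious because
# a worm has no legitimate reason to override them. Adapt to your own vendors.
WATCHED_DOMAINS = {"pandasoftware.com", "example-av-vendor.com"}

# File names the article reports the worm dropping; extend with your own IoCs.
DROPPED_NAMES = {"internet.exe"}


def parse_hosts(text: str) -> list[tuple[str, str]]:
    """Return (address, hostname) pairs from HOSTS text, ignoring comments."""
    pairs = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if not line:
            continue
        fields = line.split()
        addr, names = fields[0], fields[1:]
        for name in names:
            pairs.append((addr, name.lower()))
    return pairs


def _on_watchlist(hostname: str) -> bool:
    return any(hostname == d or hostname.endswith("." + d) for d in WATCHED_DOMAINS)


def audit_hosts(text: str) -> list[tuple[str, str]]:
    """Watched hostnames that HOSTS maps anywhere at all, with the address used.
    A mapping to 127.0.0.1 or 0.0.0.0 silently blocks the site; a mapping to
    any other address redirects it, so every override is reported."""
    return [(name, addr) for addr, name in parse_hosts(text) if _on_watchlist(name)]


def _exe_name(command: str) -> str:
    """Executable file name from a Run-key command, handling quoted paths."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        path = command[1:end] if end != -1 else command[1:]
    else:
        path = command.split()[0] if command else ""
    return ntpath.basename(path).lower()


def audit_run_entries(entries: dict[str, str]) -> list[str]:
    """Names of Run-key values whose command launches a known dropped file."""
    return [name for name, cmd in entries.items() if _exe_name(cmd) in DROPPED_NAMES]


# Constructed sample HOSTS file (not a real infected file).
SAMPLE_HOSTS = """# constructed sample
127.0.0.1       localhost
127.0.0.1  www.pandasoftware.com   # vendor site silently blocked
127.0.0.1  pandasoftware.com
0.0.0.0    update.example-av-vendor.com
10.1.2.3   intranet.corp.example   # ordinary internal override, not watched
"""

# Constructed sample of HKCU/HKLM ...\CurrentVersion\Run values.
SAMPLE_RUN = {
    "VendorUpdater": r'"C:\Program Files\Vendor\updater.exe" /background',
    "Internet": r"C:\WINDOWS\internet.exe",
}

if __name__ == "__main__":
    for host, addr in audit_hosts(SAMPLE_HOSTS):
        print(f"HOSTS override: {host} -> {addr}")
    for entry in audit_run_entries(SAMPLE_RUN):
        print(f"Suspicious Run entry: {entry}")
```

On a live host the same functions can be fed the contents of %SystemRoot%\System32\drivers\etc\hosts and the values exported from the Run keys; a hit in either list is a reason to pull the machine for a full scan rather than just to clean the one entry, since the worm also kills security processes and joins an IRC channel for further commands.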
“Waves of viruses like those we have suffered in recent months, with worms like Mytob, Bropia or Kelvir, are motivated by the financial returns that their creators can obtain. It is revealing to note that, according to some estimates, the spyware market could be moving around 2,000 million dollars a year,” explains Corrons.
To prevent infection from any of the variants of the Mytob family, or any other malicious code, Panda Software advises all users to keep their antivirus software up-to-date. Panda Software has already made the corresponding updates to detect and eliminate these new malicious codes available to clients.
Panda Software’s clients can already access the updates for installing the new TruPrevent™ Technologies along with their antivirus protection, providing a preventive layer of protection against new malware. For users with a different antivirus program installed, Panda TruPrevent™ Personal is the perfect solution, as it is both compatible with and complements these products, providing a second layer of preventive protection that acts while the new virus is still being studied and the corresponding update is incorporated into traditional antivirus programs, decreasing the risk of infection.
In order to help as many users as possible scan and disinfect their computers, Panda Software offers Panda ActiveScan, free of charge. ActiveScan is also available to webmasters that want to include it on their websites. Those who would like to include it on their sites can request the HTML code.
Panda Software also offers users Virus Alerts, an e-bulletin in English and Spanish that gives immediate warning of the emergence of potentially dangerous malicious code. To receive Virus Alerts just visit Panda Software's website and complete the corresponding form.
For further information about the malicious code mentioned above, visit Panda Software’s Virus Encyclopedia.
About PandaLabs
On receiving a possibly infected file, Panda Software's technical staff get straight down to work. The file is analyzed and depending on the type, the action taken may include: disassembly, macro scanning, code analysis etc. If the file does in fact contain a new virus, the disinfection and detection routines are prepared and quickly distributed to users.
For more information: http://www.pandasoftware.com/virus_info/