WORM_MYTOB.AI
Overview

Malware type: Worm

Aliases: Net-Worm.Win32.Mytob.w (Kaspersky), W32.Mytob.AM@mm (Symantec), Worm/Mytob.AQ (Avira), W32/Mytob-Y (Sophos)

In the wild: Yes

Destructive: No

Language: English

Platform: Windows 95, 98, ME, NT, 2000, XP

Encrypted: No

Overall risk rating:


Reported infections:

Damage potential: High

Distribution potential: High

Description: 

Like other WORM_MYTOB variants, this memory-resident worm propagates by sending a copy of itself as an attachment to an email message, which it sends to target recipients using its own Simple Mail Transfer Protocol (SMTP) engine.

The email it sends out has the following details:

Subject: (any of the following)
Error
Good day
hello
Mail Delivery System
Mail Transaction Failed
Server Report
Status
<random characters>

Message body: (any of the following)
Here are your banks documents.
The message cannot be represented in 7-bit ASCII encoding and has been sent as a binary attachment.
The message contains Unicode characters and has been sent as a binary attachment.
Mail transaction failed. Partial message is available.

Attachment: (any of the following file names)
data
doc
document
file
message body
readme
test
text

(with any of the following extensions)
BAT
CMD
EXE
PIF
SCR
ZIP
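
The email details listed above can be turned into a mail-gateway check. The following is an added example, not Trend Micro's detection logic: it parses a raw message and tests its subject, body and attachment names against the lists on this page. The function names, the sample messages and the rule "attachment match plus subject or body match" are assumptions made for this example.

```python
import os
from email import message_from_bytes, policy
from email.message import EmailMessage

# Indicators copied from the description above.
SUBJECTS = {"error", "good day", "hello", "mail delivery system",
            "mail transaction failed", "server report", "status"}
BODIES = (
    "Here are your banks documents.",
    "The message cannot be represented in 7-bit ASCII encoding and has been sent as a binary attachment.",
    "The message contains Unicode characters and has been sent as a binary attachment.",
    "Mail transaction failed. Partial message is available.",
)
ATTACH_NAMES = {"data", "doc", "document", "file", "message body", "readme", "test", "text"}
ATTACH_EXTS = {".bat", ".cmd", ".exe", ".pif", ".scr", ".zip"}

def attachment_matches(filename):
    """True when base name and extension both appear in the lists above."""
    base, ext = os.path.splitext(filename.strip().lower())
    return base in ATTACH_NAMES and ext in ATTACH_EXTS

def score_message(raw):
    """Return which of the three indicator groups a raw RFC 5322 message hits."""
    msg = message_from_bytes(raw, policy=policy.default)
    subject = str(msg["Subject"] or "").strip().lower()
    part = msg.get_body(preferencelist=("plain",))
    # Collapse whitespace so re-wrapped body text still matches.
    body = " ".join(part.get_content().split()) if part is not None else ""
    hits = {
        "subject": subject in SUBJECTS,
        "body": any(b in body for b in BODIES),
        "attachment": any(attachment_matches(p.get_filename() or "")
                          for p in msg.iter_attachments()),
    }
    # The subject may be random characters, so the attachment name is required
    # and subject or body must corroborate it (policy assumed for this example).
    hits["suspicious"] = hits["attachment"] and (hits["subject"] or hits["body"])
    return hits

def build_sample(subject, body, filename):
    """Build a constructed test message; the attachment is inert placeholder bytes."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.com", "b@example.com", subject
    m.set_content(body)
    m.add_attachment(b"constructed placeholder", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    for s in (build_sample("xkqzpt", BODIES[1], "readme.scr"),
              build_sample("Status", "Weekly numbers attached.", "report.pdf")):
        print(score_message(s))
```

Names such as readme.zip also occur in legitimate mail, which is why the attachment match alone does not set the flag.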

It gathers target email addresses from the Temporary Internet Files folder, the Windows Address Book (WAB), and files with certain extension names. It may also generate email addresses by combining a list of names with any of the domain names of the previously gathered addresses.

This worm has backdoor capabilities, which allow a remote user to perform malicious commands on the affected machine. This routine gives remote users virtual control over affected systems, compromising system security.

Moreover, it prevents users from accessing several antivirus and security Web sites by redirecting the connection to the local machine.

It also drops a component file, which is responsible for creating copies of this worm. Trend Micro detects this component as WORM_MYTOB.J.


Description created: Apr. 10, 2005 2:07:00 PM GMT -0800
