WORM_MYTOB.EU - Description and solution

WORM_MYTOB.EU

Overview

Solution

Technical Details

Malware type: Worm

Aliases: Net-Worm.Win32.Mytob.j (Kaspersky), W32.Mytob.CM@mm (Symantec), Worm/Mytob.DO (Avira), W32/Mytob-AK (Sophos),

In the wild: Yes

Destructive: No

Language: English

Encrypted: No

Overall risk rating:

Reported infections:
Damage potential:		High
Distribution potential:		High

Description:

Upon execution, this worm drops a copy of itself in the Windows system folder as T4SKGMR.EXE. It also drops the component file HELLMSN.EXE in the root folder (usually C:\). This component file further creates the following copies of this worm in the root folder:

FUNNY_PIC.SCR
MY_PHOTO2005.SCR
SEE_THIS!!.SCR

Trend Micro detects HELLMSN.EXE as WORM_MYTOB.J.

This worm exploits the following Windows vulnerabilities:

LSASS vulnerability

More information can be found on this page:

Microsoft Security Bulletin MS04-011

For additional information about this threat, see:
Solution
Technical Details

Description created: May. 19, 2005 9:28:26 PM GMT -0800
Description updated: May. 22, 2005 11:14:11 AM GMT -0800

Search a new malware

Tell us how we did. Take our quick survey.