
Eight variations of Mytob worm in five days



#1 jgweed


Posted 29 March 2005 - 11:56 AM

InfoWeek reports new variations of Mytob worm circulating:

http://www.informationweek.com/story/showA...cleID=159907336

The worm spreads itself by mass emails, often with the subject "mail transaction failed" or "error", and also spreads itself by exploiting the LSASS vulnerability in Windows, which was patched by MS in April 2004.

See also:
http://news.zdnet.com/2100-1009_22-5644978.html

Regards,
John
Whereof one cannot speak, thereof one should be silent.



#2 phawgg


Posted 29 March 2005 - 08:23 PM

Yes, Sophos has been quite diligent in reporting them lately.
I'm certain other anti-virus/security companies have been also.

I believe each of the Mytob has had the filenames identified and they are in our
startup database now, having been added over the course of the last few weeks.

The database can respond to a query of the name of the trojan/virus/worm/etc.
(ie: Mytob) and you'll see we list the variants A, B, D, G, J, N & F.

It might also be mentioned that the Virus Alerts that Sophos emails on request
do not report them in alphabetical sequence.
Perhaps due to the way the testing is done.

It is basically A before D, but some variations exist.

You'll also note that clicking on the link to any particular malware type
will provide details, such as the vulnerability that is being exploited.

In regards to Sophos Virus Alert details, the advanced tab will explain the
processes each involves to the greatest degree. :thumbsup:

> exploiting the LSASS vulnerability in Windows which was patched by MS in April 2004.

Of course no better way of demonstrating the NEED for Windows Updates if you run that OS can be made, than to cite the effectiveness of any infection despite the "cure" being out there. I wish everyone updated regularly.

Edited by phawgg, 29 March 2005 - 08:28 PM.

patiently patrolling, plenty of persistent pests n' problems ...



