
MS04-011: Mytob worm - Dozen new variants



#1 harrywaldron


Posted 11 April 2005 - 06:26 AM

Be careful especially with "non-deliverable" email messages, as that's the theme for this highly active virus.

About one dozen new variants of Mytob emerged over the past weekend. This virus spreads by email and exploitation of unpatched Windows systems (MS03-026 and MS04-011). This family of viruses is apparently easy to clone and it may become the next Spybot or Agobot when it comes to active development of new variants.

http://www.trendmicro.com/vinfo/
http://www.symantec.com/avcenter/vinfodb.html

This worm also takes advantage of the following Windows vulnerabilities to propagate:

* RPC/DCOM vulnerability
* LSASS vulnerability

For more information about these vulnerabilities, please refer to the following Microsoft Web pages:

* Microsoft Security Bulletin MS03-026
* Microsoft Security Bulletin MS04-011

Modifies files: Modifies the Hosts file.
Compromises security settings: Blocks access to several security-related web sites.
Name of attachment: Varies with a .bat, .cmd, .exe, .pif, .scr, or .zip file extension.
Ports: 10087


FORMAT OF EMAIL MESSAGE

Subject: (One of the following)
Good day
hello
Mail Delivery System
Mail Transaction Failed
Server Report
Status
Error

Message: (One of the following)
* Here are your banks documents.
* The original message was included as an attachment.
* The message cannot be represented in 7-bit ASCII encoding and has been sent as a binary attachment.
* The message contains Unicode characters and has been sent as a binary attachment.
* Mail transaction failed. Partial message is available.

Attachment: (One of the following)
document
readme
doc
text
file
data
test
message
body

Extensions: pif, scr, exe, bat, cmd, zip
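
The message format listed in the post above can be turned into a mail-gateway heuristic. The following Python is an added example, not part of the original post: it scores a raw message against the post's subject, attachment-name and extension lists. The function names, the scoring weights, the handling of extra dotted labels in a filename and the sample-message builder are assumptions made for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Indicator lists copied from the post above.
SUBJECTS = {"good day", "hello", "mail delivery system", "mail transaction failed",
            "server report", "status", "error"}
ATTACH_NAMES = {"document", "readme", "doc", "text", "file", "data", "test",
                "message", "body"}
EXTENSIONS = {"pif", "scr", "exe", "bat", "cmd", "zip"}


def attachment_hits(msg):
    """Return attachment filenames whose base name and extension both match."""
    hits = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").strip().lower()
        stem, _, ext = name.rpartition(".")
        # Assumption: tolerate extra dotted labels (e.g. "readme.txt.scr") by
        # testing the first label; the post itself lists single extensions only.
        if ext in EXTENSIONS and stem.split(".")[0] in ATTACH_NAMES:
            hits.append(name)
    return hits


def score_message(raw_bytes):
    """Score a raw message: 1 point for a listed subject, 2 for a listed attachment."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    subject = (msg["Subject"] or "").strip().lower()
    hits = attachment_hits(msg)
    score = (1 if subject in SUBJECTS else 0) + (2 if hits else 0)
    return score, hits


def build_sample(subject, body, filename=None):
    """Build a constructed test message; the attachment is benign placeholder bytes."""
    m = EmailMessage()
    m["From"] = "postmaster@example.com"
    m["To"] = "user@example.com"
    m["Subject"] = subject
    m.set_content(body)
    if filename:
        m.add_attachment(b"constructed placeholder", maintype="application",
                         subtype="octet-stream", filename=filename)
    return m.as_bytes()
```

A score of 3 means both the subject and an attachment matched; a subject-only match scores 1 and is weak on its own, since subjects such as "hello" and "Status" are common in legitimate mail.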
