Be careful especially with "non-deliverable" email messages, as that's the theme for this highly active virus.
About one dozen new variants of Mytob emerged over the past weekend. This virus spreads by email and exploitation of unpatched Windows systems (MS03-026 and MS04-011). This family of viruses is apparently easy to clone and it may become the next Spybot or Agobot when it comes to active development of new variants. http://www.trendmicro.com/vinfo/ http://www.symantec.com/avcenter/vinfodb.html
This worm also takes advantage of the following Windows vulnerabilities to propagate:
* RPC/DCOM vulnerability
* LSASS vulnerability
For more information about these vulnerabilities, please refer to the following Microsoft Web pages:
* Microsoft Security Bulletin MS03-026
* Microsoft Security Bulletin MS04-011
Modifies files: Modifies the Hosts file.
Compromises security settings: Blocks access to several security-related web sites.
Name of attachment: Varies with a .bat, .cmd, .exe, .pif, .scr, or .zip file extension.
Ports: 10087 FORMAT OF EMAIL MESSAGE
Subject: (One of the following)
Mail Delivery System
Mail Transaction Failed
Message: (One of the following)
* Here are your banks documents.
* The original message was included as an attachment.
* The message cannot be represented in 7-bit ASCII encoding and has been sent as a binary attachment.
* The message contains Unicode characters and has been sent as a binary attachment.
* Mail transaction failed. Partial message is available.
Attachment: (One of the following)
Extensions: pif, scr, exe, bat, cmd, zip