The record shows the net's taking blows - it did it Mytob way

By on

Another internet worm has exploded across computers worldwide as Mytob has been widely spammed over the last 48 hours.

According to antivirus company Sophos, Mytob represents over 40 percent of all virus activity over the last two days, despite the continuing presence of the Sober and Bagle threats.

The most popular variant, Mytob.CM, appears in emails pretending to be network administrators, arriving in work email boxes with subject lines such as "Your Email Account is Suspended" and "Account Alert." Once infected, the worm attempts to turn off computer security functions and opens a backdoor for other malware.

"Not only do these side-effects make it more difficult for recipients to get assistance from security experts, the open backdoor and lack of security also leaves infected users open to a whole host of other attacks," said Carole Theriault, security consultant at Sophos. "It is important not to underestimate the power of such cluster attacks - together they form a malicious army of threats."

According to Sophos the Mytob appears to be from a group of virus writers that call themselves Hellbot and is evidence of organised, targeted, virus writing.

"The Mytob source codes suggest that the virus writers are following a carefully planned strategy, whereby the routine allows the virus to develop," continued Theriault. "By issuing many threats, all of which are tweaked slightly differently, they may be searching for the elements of their malicious code that will help them create a super worm."

In May SC reported virus writers are working more closely together to create more effective, profitable viruses.

www.sophos.com

Copyright © SC Magazine, US edition
Tags:

Most Read Articles

Log In

Username:
Password:
|  Forgot your password?