A new variant of the MYTOB worm has been discovered that pretends to be a legitimate email warning of a delivery error or email account problem.
The worm, WORM_MYTOB.ED was the 100th variant to be identified since the MYTOB worm first appeared in February this year, security vendor Trend Micro has said in a statement.
The worm propagated by sending a copy of itself as an email attachment which it sent using its own Simple Mail Transfer Prorocol (SMTP) engine, the company said.
Email addresses were harvested from the Temporary Internet Folder Windows Address Book, as well as from files with certain extension names. The worm was also able to generate email addresses by combining names and domains that had previously been gathered.
According to the company, once infected, the worm prevented users from accessing antivirus sites by redirecting connections from the local machine.
MYTOB.ED made a system vulnerable to further attacks by using Internet Relay Chat (IRC) backdoors. This allowed a remote user to download and execute files on an affected machine.
Trend Micro issued a medium risk alert for MYTOB.ED which has been reported in Europe and Asia Pacific.
.png&h=140&w=231&c=1&s=0)
_(22).jpg&h=140&w=231&c=1&s=0)
_(20).jpg&h=140&w=231&c=1&s=0)
_(26).jpg&w=100&c=1&s=0)
iTnews Executive Retreat - Security Leaders Edition
_(1).jpg&h=140&w=231&c=1&s=0)
