From; Panda Oxygen3: "Better to rely on one powerful king than on many little princes." Jean de La Fontaine (1621 - 1695) French poet - TruPrevent(TM) Technologies neutralize two new variants of Mytob without previous identification - Oxygen3 24h-365d, by Panda Software (http://www.pandasoftware.com) MADRID, June 2 2005 - According to PandaLabs, two new and potentially dangerous variants of the Mytob worms, -EC and EB-, are spreading via email around the world. The TruPrevent(TM) proactive detection technologies developed by Panda Software to detect and block unknown malware, have been effective in preventing attacks from this malicious code, so users who have these technologies installed on their computers have been protected from the outset, unlike those with traditional antivirus products, who would have to wait up to several hours for the update of the signature file. In this case, the need to use proactive technologies such as TruPrevent(TM) is even more pressing, as these variants of Mytob are designed to prevent antivirus products installed on a computer from updating, and if successful will leave users unprotected against this threat. In order to block these updates, the worms modify the system HOSTS file. When they run, these two malware variants terminate all types of processes to avoid being detected. They also open a backdoor on the computer to allow the entry of commands and files sent by a remote user through IRC channels, and therefore this multi-purpose malware is potentially very dangerous. These worms employ the usual email techniques in order to spread: sending themselves to addresses that they get from certain files within the infected computer, and including the virus itself in a compressed ZIP attachment, in a message which is normally in English, warning of the closure of email accounts and asking the potential victim to open the attached ZIP file to continue using the supposed account. "We are increasingly seeing new variants of malware that include both the termination of processes associated to antivirus products, and the blocking of the computer's communication with certain websites, such as those through which the antivirus is updated ", explains Luis Corrons, director of PandaLabs. For this reason, the barrier provided by proactive technologies is vital, as they don't need to be updated for every new example of malware in order to be effective. The idea is to be one step ahead in terms of antivirus protection, based on interception and prevention." The effectiveness against new malware of traditional antiviruses depends on the reaction time of security companies and of users, and therefore when dealing with a rapidly spreading malicious code, the chances of a computer being infected -even with an updated antivirus installed- are very high. The solution to this problem involves using proactive solutions, such as TruPrevent(TM) Technologies, which detect and block unknown malware without having previously identified it. According to Luis Corrons: "TruPrevent(TM) Technologies determine the presence of malware by analyzing its behavior. These innovative technologies monitor the action taken by an application, and if -collectively- they could be damaging to the system, it blocks them and sends the suspicious file to PandaLabs, where the potential threat is analyzed in-depth and if necessary the corresponding vaccine is generated. TruPrevent(TM) Technologies are not a substitute for traditional antiviruses but a compliment and correspond to the strategy of Panda Software of obtaining the highest possible levels of security against Internet threats using a combination of technologies. "Since they were launched in August 2004 TruPrevent(TM) Technologies have detected more than 6000 examples of previously unknown malware. This also enables us to be the fastest in generating vaccines against new malware for our traditional antivirus solutions", concludes Corrons. Panda Software's clients can already access the updates for installing the new TruPrevent(tm) Technologies along with their antivirus protection, providing a preventive layer of protection against new malware. For users with a different antivirus program installed, Panda TruPrevent(tm) Personal is the perfect solution, as it is both compatible with and complements these products, providing a second layer of preventive protection that acts while the new virus is still being studied and the corresponding update is incorporated into traditional antivirus programs, decreasing the risk of infection. More information about TruPrevent(tm) Technologies is available at: www.pandasoftware.com/truprevent In order to help as many users as possible scan and disinfect their computers, Panda Software offers Panda ActiveScan, free of charge, at http://www.pandasoftware.com. For further information about the malicious code mentioned above, visit Panda Software's Virus Encyclopedia at http://www.pandasoftware.com/virus_info/encyclopedia/. NOTE: The address above may not show up on your screen as a single line. This would prevent you from using the link to access the web page. If this happens, just use the 'cut' and 'paste' options to join the pieces of the URL. ------------------------------------------------------------ The 5 viruses most frequently detected by Panda ActiveScan, Panda Software's free online scanner: 1)Qhost.gen; 2)Netsky.P; 3)Sdbot.ftp; 4)Mitglieder.DC; 5)Mhtredir.gen. ------------------------------------------------------------ To contact with Panda Software, please visit: http://www.pandasoftware.com/about/contact/ ------------------------------------------------------------ *********** MIKE"S REPLY SEPARATOR *********** Mike ~ It is a good day if I learned something new. Editor MikesWhatsNews see a sample on my web page http://www3.telus.net/mikebike <mikeswhatsnews-request@xxxxxxxxxxxxx?Subject=subscribe> http://www3.telus.net/mikebike/worm_removal.htm See my Anti-Virus pages http://virusinfo.hackfix.org/index <virusinfo-request@xxxxxxxxxxxxx?Subject=subscribe> A Technical Support Alliance and OWTA Charter Member