[windows2000] Fwd: Trend Micro Medium Risk Virus Alert - WORM_MYTOB.ED

  • From: "Jim Kenzig http://thethin.net" <jimkenz@xxxxxxxxxxxxxx>
  • To: thin@xxxxxxxxxxxxx, windows2000@xxxxxxxxxxxxx
  • Date: Mon, 9 May 2005 07:33:56 -0700 (PDT)

FYI
JK

Trend Micro Newsletters Editor <editor@xxxxxxxxxxxxxxxxxxxxxxxxxx> wrote:

Dear Trend Micro customer,

As of May 9, 2005 4:30 AM PDT (Pacific Daylight Time/GMT -8:00), TrendLabs has 
declared a Medium Risk Virus Alert to control the spread of WORM_MYTOB.ED. 
TrendLabs has received several infection reports indicating that it is 
spreading in Japan and Australia. 

Like earlier WORM_MYTOB variants, this worm propagates by sending a copy of 
itself as an attachment to an email message, which it sends to target 
recipients, using its own Simple Mail Transfer Protocol (SMTP) engine.

The email it sends out has the following details:

Subject: (any of the following) 
- Error 
- hello 
- Here is your documents. 
- Mail Delivery System 
- Mail Transaction Failed 
- Re: Thank you for delivery 
- Server Report 
- something for you 
- Status 

Subject: (any of the following)
- *IMPORTANT* Please Validate Your Email Account
- *IMPORTANT* Your Account Has Been Locked
- Email Account Suspension
- Notice: **Last Warning** 
- Notice:***Your email account will be suspended***
- Security measures
- Your email account access is restricted
- Your Email Account is Suspended For Security Reasons

Message Body: (any of the following)
- Account Information Are Attached!
- Once you have completed the form in the attached file , your account records 
will not be interrupted and will continue as normal.
- please look at attached document.
- Please see the attachement.
- To safeguard your email account from possible termination, please see the 
attached file.
- To unblock your email account acces, please see the attachement.
- We have suspended some of your email services, to resolve the problem you 
should read the attached document.

Attachment: (any of the following file names) 
- email-doc
- email-info
- email-text
- information
- your_details
- document_full
- IMPORTANT
- info-text
- {random}

(any of the following extensions) 
- .exe
- .pif
- .scr
- .zip 

It gathers target email addresses from the Temporary Internet folder, Windows 
address book (WAB), as well as from files with certain extension names. It may 
also generate email addresses by using a list of names and any of the domain 
names of the previously gathered addresses. 

This worm has backdoor capabilities, which allow a remote user to perform 
malicious commands on the affected machine. The said routine provides remote 
users virtual control over affected systems, thus compromising system security.

Moreover, it prevents users from accessing several antivirus and security Web 
sites by redirecting the connection to the local machine.

TrendLabs will be releasing the following EPS deliverables:

TMCM Outbreak Prevention Policy 172 - uploaded
Official Pattern Release 2.619.00 - currently being uploaded
Damage Cleanup Template 590 - ETA is 30 minutes

For more information on WORM_MYTOB.ED, you can visit our Web site at:
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MYTOB.ED.

You can modify subscription settings for Trend Micro newsletters at:
http://www.trendmicro.com/subscriptions/default.asp

----------------------------------------------o0o----
IMPORTANT NOTE!
TrendLabs will also be releasing a corresponding 3-digit pattern file (993) to 
the pattern indicated in this email. This 3-digit pattern is a special release 
for users running non-NPF compliant products (i.e., old 3-digit pattern format) 
and is designed to provide protection against the most current malware threats. 
Users running non-NPF compliant products are still urged to apply the NPF 
solution at http://www.trendmicro.com/en/support/npf/overview.htm. These users 
may also upgrade to the latest product version. Only NPF-compliant products 
will be able to update with regular pattern releases. 
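
The subject, attachment-name and extension lists in the alert above can be turned into a mail-gateway check. This is an added example, not part of the Trend Micro alert or any Trend Micro product; the function name match_alert, the sample message and the quarantine rule (listed subject plus listed extension) are assumptions made for illustration.

```python
import email
from email import policy
from pathlib import PurePosixPath

# Indicator lists copied from the alert above (compared case-insensitively).
SUBJECTS = {s.lower() for s in (
    "Error", "hello", "Here is your documents.", "Mail Delivery System",
    "Mail Transaction Failed", "Re: Thank you for delivery", "Server Report",
    "something for you", "Status",
    "*IMPORTANT* Please Validate Your Email Account",
    "*IMPORTANT* Your Account Has Been Locked", "Email Account Suspension",
    "Notice: **Last Warning**",
    "Notice:***Your email account will be suspended***", "Security measures",
    "Your email account access is restricted",
    "Your Email Account is Suspended For Security Reasons")}
NAMES = {"email-doc", "email-info", "email-text", "information",
         "your_details", "document_full", "important", "info-text"}
EXTENSIONS = {".exe", ".pif", ".scr", ".zip"}
# Constructed sample message for testing the check (not a captured worm mail).
SAMPLE = (b"From: a@example.com\r\nTo: b@example.com\r\n"
          b"Subject: Mail Transaction Failed\r\nMIME-Version: 1.0\r\n"
          b'Content-Type: multipart/mixed; boundary="b1"\r\n\r\n'
          b"--b1\r\nContent-Type: text/plain\r\n\r\nPlease see the attachement.\r\n"
          b"--b1\r\nContent-Type: application/octet-stream\r\n"
          b'Content-Disposition: attachment; filename="email-doc.scr"\r\n'
          b"Content-Transfer-Encoding: base64\r\n\r\nAAAA\r\n--b1--\r\n")


def match_alert(raw: bytes) -> dict:
    """Return which of the alert's indicators a raw RFC 5322 message matches."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    subject = " ".join(str(msg["Subject"] or "").split()).lower()
    hits = {"subject": subject in SUBJECTS, "extension": [], "name": []}
    for part in msg.iter_attachments():
        filename = (part.get_filename() or "").strip().lower()
        path = PurePosixPath(filename)
        # Only the final suffix decides how Windows opens it: "x.txt.scr" is .scr.
        if path.suffix in EXTENSIONS:
            hits["extension"].append(filename)
            # The alert also lists {random} names, so a name miss is not a pass.
            if path.stem in NAMES:
                hits["name"].append(filename)
    # Quarantine rule (assumption): listed subject plus a listed extension.
    hits["quarantine"] = hits["subject"] and bool(hits["extension"])
    return hits
```

Because the alert lists {random} as a possible attachment name, the name match only raises confidence; the subject and extension carry the decision.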
