Mac News: Security: Mytob Worm Mutating Rapidly

Mytob Worm Mutating Rapidly

By Susan B. Shor
TechNewsWorld
Part of the ECT News Network
03/29/05 1:42 PM PT

The latest mass-mail worm to attack unprotected computers is Mytob, which first appeared at the beginning of the month, but last week, threatened with eight new variants, two of which were reported by security firm Symantec (Nasdaq: SYMC) yesterday.

As with other mass-mail worms, Mytob uses its own SMTP engine to send e-mail to addresses that it finds on computers it infects. It also may block access to security Web sites, open a backdoor, allowing others to access the computer and modify data on the computer.

Various Subjects

The variants are labeled mytob.l through mytob.s. The subject of e-mails carrying the worm varies. Mytop has been getting low or moderate danger ratings and is not difficult to remove.

"What is surprising to me about this type of mass-mailing worm is the fact that we continue to be susceptible to them. There are a number of barriers to infection already, but still this type of malware seems to slip through the cracks," Ed Moyle, president of SecurityCurve, told TechNewsWorld, pointing out all the filtering and antivirus products that have been both integrated into e-mail clients and can be purchased separately.

"Even if all the countermeasures fail to intercept the worm, users have been repeatedly warned not to run attachments that they receive through e-mail. But still all these things fail enough for these worms to propagate," he said.

Businesses Getting Smart

On the other hand, Moyle said enterprises have become more savvy about protecting themselves from cyber-threats.

"I think in general enterprises are more prepared for malware in today's world that they have been in the past. Most larger enterprises have an incident response team in place with procedures in handling this type of outbreak, but trying to completely prevent an outbreak in any size enterprise is very difficult," he said.

"In a large enterprise, trying to track and manage individual machines within the enterprise is a huge undertaking. Looking through thousands of machines for the dozen or so that are unpatched, that have open shares, or that don't have updated antivirus protection is like trying to find a four-leaf clover in a baseball field or a needle in a haystack."

Small companies, however, may not have the resources to rapidly respond to a malware outbreak. The advice for avoiding Mytob is as usual: Do not open any attachments or start any executables if you aren't sure what they are.

Next Article in Security

Networks Band Together To Fight Internet Attacks
March 29, 2005

Blaming lost revenue and repair costs from attacks on networked services and disruptions for the loss of more than US$17.5 billion in 2005, the Fingerprint Sharing Alliance said the global partnership will facilitate improved defense of computer systems and infrastructure that cross network and national borders.

More by Susan B. Shor

Salesnet President Jonathan Tang Ready to Take On Salesforce.com
February 07, 2006

"We think it's Salesnet's time now. We've been around since the beginning, we've been lying low, but you're going to start to see more of us. We've done it through organic growth and happy customers. We continue to focus on customers."

Comcast Follows Time Warner in Offering 'Family' Programming Tier
December 23, 2005

"The demand for this type of tier is coming from the FCC and Christian conservatives. It has nothing to do with legitimate consumer demand," Todd Chanko, senior analyst at Jupiter Media, told the E-Commerce Times.

High-Risk Flaw Found in Symantec's Software
December 22, 2005

"Part of the significance of this vulnerability announcement is that your machine can be exploited without you needing to do anything at all. You don't even have to open an e-mail or attachment, and this happens with the default configuration of the product," said Forrester Research senior analyst Michael Gavin.

[Search More...]