Wednesday, October 19, 2005

Swift Mytob Worm is Back

Tim Gray writes in internetnews.com:

Security firm MessageLabs detected a new variant of the Mytob worm and said it intercepted 100 copies within the first several hours of its discovery today.

Although it is similar to previous Mytob variants, this version of the malicious code, dubbed DoomBot, is delivered with a header warning individuals that their services are about to be closed.

However, the latest code appears to have more variants, said MessageLabs' Senior Antivirus Researcher Maksym Schipka.

The file name on the attachment reads "important-details.txt." Once executed, the variant installs itself to %sysdir%d.exe, joins a command and control channel named ‘r0x’ on the IRC server rax.oucihax.info.

0 Comments:

Post a Comment

<< Home