Mytob Worm Mutating Rapidly
Mar 29, 2005 1:42 PM PT
The latest mass-mail worm to attack unprotected computers is Mytob, which first appeared at the beginning of the month, but last week, threatened with eight new variants, two of which were reported by security firm Symantec yesterday.
As with other mass-mail worms, Mytob uses its own SMTP engine to send e-mail to addresses that it finds on computers it infects. It also may block access to security Web sites, open a backdoor, allowing others to access the computer and modify data on the computer.
The variants are labeled mytob.l through mytob.s. The subject of e-mails carrying the worm varies. Mytop has been getting low or moderate danger ratings and is not difficult to remove.
"What is surprising to me about this type of mass-mailing worm is the fact that we continue to be susceptible to them. There are a number of barriers to infection already, but still this type of malware seems to slip through the cracks," Ed Moyle, president of SecurityCurve, told TechNewsWorld, pointing out all the filtering and antivirus products that have been both integrated into e-mail clients and can be purchased separately.
"Even if all the countermeasures fail to intercept the worm, users have been repeatedly warned not to run attachments that they receive through e-mail. But still all these things fail enough for these worms to propagate," he said.
Businesses Getting Smart
On the other hand, Moyle said enterprises have become more savvy about protecting themselves from cyber-threats.
"I think in general enterprises are more prepared for malware in today's world that they have been in the past. Most larger enterprises have an incident response team in place with procedures in handling this type of outbreak, but trying to completely prevent an outbreak in any size enterprise is very difficult," he said.
"In a large enterprise, trying to track and manage individual machines within the enterprise is a huge undertaking. Looking through thousands of machines for the dozen or so that are unpatched, that have open shares, or that don't have updated antivirus protection is like trying to find a four-leaf clover in a baseball field or a needle in a haystack."
Small companies, however, may not have the resources to rapidly respond to a malware outbreak. The advice for avoiding Mytob is as usual: Do not open any attachments or start any executables if you aren't sure what they are.