W32/Mytob-CC – A new variant of the Mytob mailer/IRC worm. (One
group reports there are now some 100+ Mytob variants.) This one
exploits the Windows LSASS vulnerability and installs itself as
“taskgmr.exe” in the Windows System directory. It can block
access to security-related Web sites by modifying the Windows
HOSTS file. (Sophos)
W32/Mytob-CE – Very similar to Mytob-CC above. It too can
harvest e-mail addresses from the infected machine. It spreads
through an e-mail attachment with an extension of BAT, CMD, PIF,
SCR, EXE or ZIP. (Sophos)
W32/Mytob-AJ – Another Mytob variant with characteristics
similar to the two above. It appears to come from
the FBI, Symantec, Microsoft or Yahoo. (Sophos)
W32/Mytob-BC – This Mytob variant uses an e-mail that looks like
an account termination message. It too attempts to block access
to security sites by modifying the Windows HOSTS file. (Sophos)
W32/Mytob-CF – Another Mytob that tries to mimic an account
termination message. This one drops “1hellbot.exe” on the
infected machine. (Sophos)
Troj/Viper-A – A downloader application that attempts to install
“WMPLAYER.EXE” and “WMPLAYER2.EXE” on the infected machine.
(Sophos)
W32/Sdbot-YB – An Sdbot variant that spreads through network
shares and allows backdoor access via IRC. It drops “dewa.exe”
in the Windows System folder. (Sophos)
W32/Rbot-ABX – An Rbot variant that spreads through network
shares by exploiting one of three known Windows vulnerabilities.
It drops “atiupdxx.exe” in the Windows System folder. It can
allow backdoor access through IRC and be used for a number of
malicious purposes. (Sophos)
Kedebe.C – This worm spreads via e-mail using variable message
characteristics. It disables access to security-related Web
sites and terminates anti-virus processes running on the
infected machine. (Panda Software)
Bck/BotMail.C – A worm that operates similarly to the SDBot
variants, spreading through network shares and acting as a proxy
for other malicious activity. (Panda Software)
Troj/LanFilt-J – This Trojan installs itself as “mshost.exe” in
the Windows System folder and can be used to steal information
from the infected machine. It sends the stolen information to a
remote Web site. (Sophos)
W32/Nopir-B – A Windows worm that displays an anti-piracy
message/image on the infected machine. As it does, it attempts
to delete all .COM and .MP3 files as well as disable a number of
Windows utilities, such as Task Manager. (Sophos)