#1. Secunia Virus Alert: MYTOB.AR
#2. Update for the alert of WORM_MYTOB.AR.
----------------------------------------------
#1. Secunia Virus Alert: MYTOB.AR
Risk Rating: MEDIUM RISK
Confirmed By: 3 Vendors
Secunia Virus Information has issued a MEDIUM RISK alert for: MYTOB.AR
Aliases:
Net-Worm.Win32.Mytob.bb
W32/Mytob.gen@MM
Win32.Mytob.DM
Win32/Mytob.CZ
Worm.Mytob.CG
Worm/Mytob.EA
WORM_MYTOB.AR
Learn More About MYTOB.AR Online At Secunia:
http://secunia.com/virus_information/18397/
----------------------------------------------
#2. This is an update to the earlier email message announcing the alert for WORM_MYTOB.AR.
Aliases:
Worm.Mytob.CG
Worm/Mytob.EA
Win32/Mytob.CZ
W32/Mytob.gen@MM
Net-Worm.Win32.Mytob.bb
Win32.Mytob.DM
As of May 30, 2005 3:12 AM PST (PDT/GMT -7:00), TrendLabs has declared a Medium Risk Virus Alert to control the spread of WORM_MYTOB.AR. TrendLabs has received several infection reports indicating that this malware is spreading in Australia, China, Hong Kong, India, Japan, Korea, the Philippines, Taiwan, and the United States.
The following is a brief summary of what this worm is capable of doing:
This memory-resident worm propagates by sending a copy of itself as an attachment to an email message, which it sends to target recipients using its own Simple Mail Transfer Protocol (SMTP) engine.
This email message has the following details:
Subject: (any of the following)
{Random}
*DETECTED* Online User Violation
*IMPORTANT* Please Validate Your Email Account
*IMPORTANT* Your Account Has Been Locked
*WARNING* Your Email Account Will Be Closed
Account Alert
Email Account Suspension
Important Notification
Notice of account limitation
Notice: **Last Warning**
Notice:***Your email account will be suspended***
Security measures
Your email account access is restricted
Your Email Account is Suspended For Security Reasons
Message body: (any of the following)
Once you have completed the form in the attached file , your account records will not be interrupted and will continue as normal.
please look at attached document.
Please read the attached document and follow it's instructions.
Please see the attachement.
The original message has been included as an attachment.
To safeguard your email account from possible termination, please see the attached file.
To unblock your email account acces, please see the attachement.
We attached some important information regarding your account.
We have suspended some of your email services, to resolve the problem you should read the attached document.
We regret to inform you that your account has been suspended due to the violation of our site policy, more info is attached.
Attachment: (any combination of the following file names and extension names)
File name:
{random}
account-details
document
document_full
email-doc
email-info
information
info
info-text
instructions
your_details
Extension name:
EXE
PIF
SCR
ZIP
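The subject, file name and extension lists above can be turned into a mail-gateway check. The following is an added example, not code from Secunia or TrendLabs. The function names and the quarantine policy are assumptions, and the sample message is constructed. The message-body phrases are left out to keep the example short.

```python
import email
from email import policy
from email.message import EmailMessage
from pathlib import PurePosixPath

SUBJECTS = {s.lower() for s in (
    "*DETECTED* Online User Violation",
    "*IMPORTANT* Please Validate Your Email Account",
    "*IMPORTANT* Your Account Has Been Locked",
    "*WARNING* Your Email Account Will Be Closed",
    "Account Alert", "Email Account Suspension", "Important Notification",
    "Notice of account limitation", "Notice: **Last Warning**",
    "Notice:***Your email account will be suspended***", "Security measures",
    "Your email account access is restricted",
    "Your Email Account is Suspended For Security Reasons",
)}
STEMS = {"account-details", "document", "document_full", "email-doc",
         "email-info", "information", "info", "info-text", "instructions",
         "your_details"}
EXTS = {".exe", ".pif", ".scr", ".zip"}

def mytob_ar_indicators(raw: bytes) -> list[str]:
    """Return the alert indicators matched by one raw message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    hits = []
    if " ".join(str(msg.get("Subject", "")).split()).lower() in SUBJECTS:
        hits.append("subject")
    for part in msg.walk():  # walk() also reaches nested and inline parts
        name = PurePosixPath((part.get_filename() or "").lower())
        if name.suffix in EXTS:
            hits.append("extension:" + name.suffix)
            if name.stem in STEMS:
                hits.append("filename:" + name.stem)
    return hits

def should_quarantine(raw: bytes) -> bool:
    """Policy assumed here: a listed extension plus a listed subject or name."""
    hits = mytob_ar_indicators(raw)
    named = any(h.startswith("filename:") for h in hits)
    return any(h.startswith("extension:") for h in hits) and ("subject" in hits or named)

def constructed_sample(subject: str, filename: str) -> bytes:
    """Constructed message with a harmless attachment, for exercising the check."""
    m = EmailMessage()
    m["Subject"] = subject
    m.set_content("Please see the attachement.")
    m.add_attachment(b"harmless", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()
```

Copies that use both a {Random} subject and a {random} file name match only on the extension, so this check does not quarantine them; blocking EXE, PIF and SCR attachments outright at the gateway covers that case.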
This worm also takes advantage of the LSASS vulnerability to propagate.
This worm also has backdoor capabilities. It comes with a built-in Internet Relay Chat (IRC) bot that allows it to connect to a specific IRC server. It then waits for commands from a remote user.
It also terminates processes, some of which are related to antivirus and security programs.
For more information on WORM_MYTOB.AR, you can visit the Web site at:
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MYTOB.AR