On Nov 24, 2005, at 12:07 PM, [EMAIL PROTECTED] wrote:
Some idiot is telling me I'm visiting "illegal sites." He says he's
from the FBI and wants info. Is the FBI hiring metal incompetents
who can't type or figure out how to look official. I just delete
this "schmuck." Yiddish word meaning "wonderful person."
MacBurt-30-
This is a new variant of the MYTOB virus. It disguises itself as
FBI, CIA, etc. If you open the attachment and run the .exe file,
you'll infect your computer and others. This virus was first
detected last weekend and has spread widely and may cause problems
just from the sheer volume of e-mail it is generating. I've gotten a
couple dozen of those messages since Sunday.
Virus overview:
WORM_MYTOB.MX is nearly identical to other MYTOB variants, and does
not seem to deploy very different technologies than its
predecessors. However, it seems to use a wider seeding mechanism in
order to propagate more quickly.
One notable point, however, is that this variant utilizes a
previously known Trojan which Trend Micro has detected since
November 14th, 2005, thereby lending credence to Trend Micro's
belief that the MYTOB family of worms is largely the work of a
group of lesser-skilled programmers, often referred to as 'script
kiddies'. The Trojan component attempts to download an .exe file
from a site that was disabled as of the November 14th detection,
thus neutralizing some of this variant's capabilities. It is
important to note that future variants may correct this oversight.
Bob
