W32/Mytob.BE Worm

| Field | Value |
| --- | --- |
| Name | W32/Mytob.BE Worm |
| Aliases | W32/Mytob-BD, WORM_MYTOB.DW |
| Discovered on | June 07, 2005 |
Virus Information - W32/Mytob.BE Worm:
W32/Mytob.BE is a mass-mailing worm and a variant of W32/Mytob.A. It infects Windows systems and spreads through email.
The 'From' address of the infected mail uses any one of the following names:
adam, alex, alice, andrew, anna, bill, bob, brenda, brent, brian, claudia, dan, dave, david, debby, fred, george, helen, jack, james, jane, jerry, jim, jimmy, joe, john, jose, julie, kevin, leo, linda, maria, mary, matt, michael, mike, peter, ray, robert, sam, serg, smith, stan, steve, ted, tom.
The worm may also carry a spoofed 'From' address picked at random from the infected system.
The subject of the infected mail will be any one of the following:
*DETECTED* Online User Violation
Notice: **Last Warning**
Important Notification
Account Alert
Security measures
*WARNING* Your Email Account Will Be Closed
The body of the infected mail will be:
Dear Valued Member,
According to our site policy you will have to confirm your account by the following link or else your account will be suspended within 24 hours for security reasons.
http://[blocked]/confirm.php?email=address
Thank you for your attention to this question. We apologize for any inconvenience.
Sincerely, [Company Name].
Upon execution, the worm copies itself as beta.exe into the Windows System folder.
The worm modifies the registry at the following locations so that it is loaded at each startup:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
To propagate itself, the worm scans files with the following extensions and collects all the domain names it finds on the infected system:
adb, asp, dbx, htm, php, pl, sht, tbb, wab.
The worm generates email addresses using one of the following names as the prefix before '@' and one of the domain names collected from the infected system as the suffix:
alice, andrew, brenda, brent, brian, claudia, david, debby, george, helen, james, jerry, jimmy, julie, kevin, linda, maria, michael, peter, robert, smith, steve.
The worm attempts to locate an SMTP server by prepending the following prefixes to the domain names collected from the infected system. On successful SMTP server access, it mails itself to the generated email addresses:
mx.
ns.
relay.
mail1.
mxs.
mx1.
smtp.
mail.
gate.
The worm tries to block access to some security-related websites.
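As an added defensive example (not part of the original description), the following Python filter checks an incoming message against the sender-name, subject and lure-body indicators listed above. The sample message, its hostnames and the two-indicator threshold are constructed assumptions, not data from the page.

```python
import re
from email import message_from_string
from email.utils import parseaddr
# Indicator lists transcribed from the W32/Mytob.BE description above.
SENDER_NAMES = set((
    "adam alex alice andrew anna bill bob brenda brent brian claudia dan dave david debby "
    "fred george helen jack james jane jerry jim jimmy joe john jose julie kevin leo linda "
    "maria mary matt michael mike peter ray robert sam serg smith stan steve ted tom").split())
SUBJECTS = {
    "*DETECTED* Online User Violation", "Notice: **Last Warning**",
    "Important Notification", "Account Alert", "Security measures",
    "*WARNING* Your Email Account Will Be Closed",
}
# Lure link: any host, path /confirm.php with an email= query parameter.
LURE_LINK = re.compile(r"https?://[^\s/]+/confirm\.php\?email=", re.IGNORECASE)

def mytob_be_indicators(raw_message: str) -> list[str]:
    """Return the names of the Mytob.BE mail indicators matched by one raw RFC 822 message."""
    msg = message_from_string(raw_message)
    hits = []
    # Sender local-part drawn from the worm's hard-coded name list.
    local_part = parseaddr(msg.get("From", ""))[1].split("@", 1)[0].lower()
    if local_part in SENDER_NAMES:
        hits.append("from-name")
    if (msg.get("Subject") or "").strip() in SUBJECTS:
        hits.append("subject")
    body = ""
    for part in msg.walk():  # collect text/plain parts (works for non-multipart mail too)
        if part.get_content_type() == "text/plain":
            body += (part.get_payload(decode=True) or b"").decode("utf-8", "replace")
    if "confirm your account" in body.lower():
        hits.append("body-phrase")
    if LURE_LINK.search(body):
        hits.append("body-link")
    return hits

def is_mytob_be_lure(raw_message: str) -> bool:
    """Flag only when two or more indicators match, so a lone common first name is not enough."""
    return len(mytob_be_indicators(raw_message)) >= 2

# Constructed sample message (not a real capture) mirroring the lure text above.
SAMPLE_LURE = """\
From: alice@example.invalid
Subject: Account Alert

Dear Valued Member,
According to our site policy you will have to confirm your account by the
following link or else your account will be suspended within 24 hours.
http://mail-confirm.example.invalid/confirm.php?email=user@example.invalid
"""
```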