4/13: Mytob-BH Worm Another Variant - 04/13/2005
Like other WORM_MYTOB variants, WORM_MYTOB.BH propagates by sending a copy of itself as an attachment to an email message, which it sends to target recipients using its own Simple Mail Transfer Protocol (SMTP) engine.
It gathers target email addresses from the Temporary Internet Files folder, the Windows Address Book (WAB), and files with certain extension names.
This worm also propagates via network shares. It logs on using the account of the currently logged-on user and searches for available shared folders within the network. It then attempts to drop copies of itself into accessible shared folders.
This worm has backdoor capabilities, which allow a remote user to execute malicious commands on the affected machine. This routine gives remote users virtual control over affected systems, thus compromising system security.
Moreover, it prevents users from accessing several antivirus and security Web sites by redirecting the connection to the local machine.
It also drops a component file, which is responsible for creating copies of this worm. Trend Micro detects this component as WORM_MYTOB.J.
More information can be found at this Trend Micro page.
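The redirection of security Web sites to the local machine described above can be checked for on a suspect system. The following is an added example, not part of the original alert or Trend Micro's tooling; it assumes the redirection is done through the Windows hosts file, and the watch-list and sample file contents are constructed for illustration.

```python
import ipaddress

# Illustrative watch-list (an assumption, not the worm's actual target list).
WATCHED_SUFFIXES = ("trendmicro.com", "symantec.com", "mcafee.com", "sophos.com")

# Constructed sample hosts file content, standing in for
# %SystemRoot%\System32\drivers\etc\hosts on an affected machine.
SAMPLE_HOSTS = """\
# Copyright (c) Microsoft Corp.
127.0.0.1       localhost
127.0.0.1 www.trendmicro.com   # appended entry
127.0.0.1\tsymantec.com www.symantec.com
0.0.0.0 update.mcafee.com
192.0.2.10 intranet.example
::1 localhost
127.0.0.1 notsophos.com
"""

def is_local(addr):
    """True for loopback (127.0.0.0/8, ::1) or unspecified (0.0.0.0, ::)."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False  # malformed address field: not a redirect we can judge
    return ip.is_loopback or ip.is_unspecified

def is_watched(host):
    """Match the domain itself or any subdomain, never a mere suffix overlap."""
    host = host.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in WATCHED_SUFFIXES)

def find_blocked_hosts(text):
    """Return (line_number, address, hostname) for watched names pinned locally."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(entry) < 2 or not is_local(entry[0]):
            continue
        for name in entry[1:]:  # one line may carry several aliases
            if is_watched(name):
                findings.append((lineno, entry[0], name.lower()))
    return findings

if __name__ == "__main__":
    for lineno, addr, name in find_blocked_hosts(SAMPLE_HOSTS):
        print(f"line {lineno}: {name} -> {addr}")
```

Any hit on a workstation that has no deliberate blocklist in its hosts file is worth investigating alongside the other behaviours listed above.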