Trend Micro Medium Risk Virus Alert - WORM_MYTOB.AR

by Marianna Schmudlach / May 30, 2005 2:52 AM PDT

As of May 30, 2005 3:12 AM PST (PDT/GMT -7:00), TrendLabs has declared a Medium Risk Virus Alert to control the spread of WORM_MYTOB.AR. TrendLabs has received several infection reports indicating that this malware is spreading in Australia, China, Hong Kong, India, Japan, Korea, the Philippines, Taiwan, and the United States.

The following is a brief summary of what this worm is capable of doing:

This memory-resident worm propagates by sending a copy of itself as an attachment to an email message, which it sends to target recipients using its own Simple Mail Transfer Protocol (SMTP) engine.

This email message has the following details:

Subject: (any of the following)
. {Random}
. *DETECTED* Online User Violation
. *IMPORTANT* Please Validate Your Email Account
. *IMPORTANT* Your Account Has Been Locked
. *WARNING* Your Email Account Will Be Closed
. Account Alert
. Email Account Suspension
. Important Notification
. Notice of account limitation
. Notice: **Last Warning**
. Notice:***Your email account will be suspended***
. Security measures
. Your email account access is restricted
. Your Email Account is Suspended For Security Reasons

Message body: (any of the following)
. Once you have completed the form in the attached file , your account records will not be interrupted and will continue as normal.
. please look at attached document.
. Please read the attached document and follow it's instructions.
. Please see the attachement.
. The original message has been included as an attachment.
. To safeguard your email account from possible termination, please see the attached file.
. To unblock your email account acces, please see the attachement.
. We attached some important information regarding your account.
. We have suspended some of your email services, to resolve the problem you should read the attached document.
. We regret to inform you that your account has been suspended due to the violation of our site policy, more info is attached.

Attachment: (any combination of the following file names and extension names)

File name:

. {random}
. account-details
. document
. document_full
. email-doc
. email-info
. information
. info
. info-text
. instructions
. your_details

Extension name:

. EXE
. PIF
. SCR
. ZIP

This worm also takes advantage of the LSASS vulnerability to propagate.

This worm also has backdoor capabilities. It comes with a built-in Internet Relay Chat (IRC) bot that allows it to connect to a specific IRC server. It then waits for commands from a remote user.

It also terminates processes, some of which are related to antivirus and security programs.

TrendLabs will be releasing the following EPS deliverables:

TMCM Outbreak Prevention Policy 177 (already available)
Official Pattern Release 2.649.00
Damage Cleanup Template 622

For more information on WORM_MYTOB.AR, you can visit our Web site at:
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MYTOB.AR
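A mail-gateway check built from the subjects, file names and extensions listed in the alert, as an added example that is not part of the original post or Trend Micro's tooling. The three verdicts and the `classify` and `sample` helpers are assumptions, and the test messages are constructed with a harmless placeholder attachment.

```python
import email
from email import policy
from email.message import EmailMessage
from pathlib import PurePath

# Fixed values copied from the alert; "{Random}" subjects and file names
# cannot be listed, so the extension check carries most of the weight.
SUBJECTS = {s.lower() for s in (
    "*DETECTED* Online User Violation",
    "*IMPORTANT* Please Validate Your Email Account",
    "*IMPORTANT* Your Account Has Been Locked",
    "*WARNING* Your Email Account Will Be Closed",
    "Account Alert", "Email Account Suspension", "Important Notification",
    "Notice of account limitation", "Notice: **Last Warning**",
    "Notice:***Your email account will be suspended***",
    "Security measures", "Your email account access is restricted",
    "Your Email Account is Suspended For Security Reasons")}
STEMS = {"account-details", "document", "document_full", "email-doc",
         "email-info", "information", "info", "info-text", "instructions",
         "your_details"}
EXECUTABLE = {".exe", ".pif", ".scr"}

def classify(raw: bytes) -> str:
    """Return 'block', 'quarantine' or 'pass' (this policy is an assumption)."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    subject_hit = " ".join(str(msg["Subject"] or "").split()).lower() in SUBJECTS
    verdict = "pass"
    for part in msg.iter_attachments():
        name = PurePath((part.get_filename() or "").strip().lower())
        if name.suffix in EXECUTABLE:
            return "block"            # covers {random} file names too
        if name.suffix == ".zip" and (subject_hit or name.stem in STEMS):
            verdict = "quarantine"    # hold the archive for inspection
    return verdict

def sample(subject: str, filename: str) -> bytes:
    """Build a constructed test message with a harmless placeholder attachment."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.com", "b@example.com", subject
    m.set_content("Please see the attachement.")
    m.add_attachment(b"placeholder", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    for subj, fn in [("Account Alert", "info-text.zip"),
                     ("qzvkx", "kdjfh.scr"),
                     ("Quarterly report", "report.zip")]:
        print(f"{subj!r:20} {fn:15} -> {classify(sample(subj, fn))}")
```

A ZIP with a random name and a random subject passes this check, so the archive contents still need scanning by the antivirus engine.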
