W32/Mytob-HM is a mass-mailing worm and backdoor Trojan that can be controlled through the Internet Relay Chat (IRC) network.
W32/Mytob-HM is capable of spreading through email and through various operating system vulnerabilities such as LSASS (MS04-011). Emails sent by W32/Mytob-HM have the following properties:
Mail Delivery System
Mail Transaction Failed
'This is a multi-part message in MIME format.'
'Mail transaction failed. Partial message is available.'
'The message contains Unicode characters and has been sent as a binary attachment.'
'The message cannot be represented in 7-bit ASCII encoding and has been sent as a binary attachment.'
'The original message was included as an attachment.'
'Here are your banks documents.'
The attached file consists of a base name followed by the extentions PIF, SCR, EXE or ZIP. The worm may optionally create double extensions where the first extension is DOC, TXT or HTM and the final extension is PIF, SCR, EXE or ZIP.
Sophos's anti-virus products include Genotype ? detection technology, which can proactively protect against new threats without requiring an update. Sophos customers have been protected against W32/Mytob-HM (detected as W32/Mytob-Fam) since version 3.94.