Troj/LegMir-AK is a password stealing Trojan for the Windows platform.
W32/Mytob-DB is a mass-mailing worm and IRC backdoor Trojan.
W32/Mytob-DB can spread by emailing itself to addresses it harvests from the infected computer. The attachment is either a file with a double extension or a zip file containing a file with a double extension. W32/Mytob-DB avoids sending emails to addresses containing certain strings.
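A mail-gateway style check for the two attachment forms described above, as an added example that is not part of the original description. The extension sets and the sample messages are assumptions constructed for illustration; the page does not list the extensions the worm uses.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed extension sets for this example; the page does not list the worm's own.
EXECUTABLE = {"exe", "scr", "pif", "com", "bat", "cmd"}
DECOY = {"txt", "doc", "htm", "html", "jpg", "pdf"}

def is_double_extension(filename):
    """True for names like 'notes.txt.exe', including space-padded 'notes.txt   .exe'."""
    base = filename.replace("\\", "/").rsplit("/", 1)[-1].lower().rstrip(". ")
    parts = [p.strip() for p in base.split(".")]
    return len(parts) >= 3 and parts[-1] in EXECUTABLE and parts[-2] in DECOY

def suspicious_attachments(raw_message):
    """Return (attachment name, offending file name) pairs for one raw message."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if is_double_extension(name):
            hits.append((name, name))
        elif name.lower().endswith(".zip"):
            try:
                data = part.get_payload(decode=True) or b""
                with zipfile.ZipFile(io.BytesIO(data)) as zf:
                    hits += [(name, m) for m in zf.namelist() if is_double_extension(m)]
            except zipfile.BadZipFile:
                hits.append((name, "<unreadable zip>"))
    return hits

def build_zip(member_name):
    """Constructed zip holding one harmless placeholder file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member_name, b"harmless placeholder")
    return buf.getvalue()

def build_sample(attach_name, payload):
    """Constructed message with one attachment; addresses are placeholders."""
    msg = EmailMessage()
    msg["From"], msg["To"] = "sender@example.com", "recipient@example.com"
    msg["Subject"] = "constructed sample"
    msg.set_content("body")
    msg.add_attachment(payload, maintype="application",
                       subtype="octet-stream", filename=attach_name)
    return msg.as_bytes()

if __name__ == "__main__":
    print(suspicious_attachments(build_sample("docs.zip", build_zip("readme.doc   .scr"))))
```

A zip that cannot be opened is reported rather than skipped, since an archive the gateway cannot inspect should not pass silently.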
W32/Mytob-DB processes the email addresses it has harvested by splitting them into name and domain. Once it has sent itself to the harvested addresses, it combines a predefined list of names with the harvested domains. W32/Mytob-DB spoofs the sender, sending emails as if from one of the following at the same domain as the recipient:
For example, if sending itself to firstname.lastname@example.org, W32/Mytob-DB might send the email as if from email@example.com.
Emails sent by the worm have characteristics from the following: