Mytob Worm Moving Swiftly: Reports

A mass-mailing worm known as Mytob is moving fast, with eight new variants in the past week alone and over a dozen reported since the first of March, sending security companies scrambling to upgrade software to guard against the bug.

Symantec, maker of Norton AntiVirus, reported two new versions, W32.Mytob.R and W32.Mytob.S, on March 28, but like other variants they got low-to-moderate threat ratings.

Mytob arrives by way of mass e-mailings, includes backdoor capability, and attacks Windows computers, using its own Simple Mail Transfer Protocol (SMTP) engine to send itself to addresses in a victim's e-mail address book, Symantec said.

The bug can also spread by exploiting the Local Security Authority Service remote buffer overflow vulnerability in Windows, an opening for which Microsoft has already issued a patch in new security updates.

The latest versions of Mytob also attempt to block infected computers from accessing the security update websites of companies such as Symantec, McAfee, and Microsoft by adding text to a compromised PC's Hosts file.
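A defender can check for this kind of tampering by parsing the Hosts file and flagging any entry that pins a security vendor or update domain to a fixed address. The Python script below is an added example, not code from Symantec or the original report; the watched domain suffixes and the sample file contents are assumptions constructed for illustration, since the article does not list the entries Mytob writes.

```python
import ipaddress

# Assumed watchlist: parent domains of the vendors the article names.
# This is not Mytob's actual blocklist, which the article does not give.
WATCHED_SUFFIXES = ("symantec.com", "mcafee.com", "microsoft.com")

# Constructed sample Hosts file content (not taken from a real infection).
SAMPLE_HOSTS = """\
# Copyright (c) Microsoft Corp.
127.0.0.1       localhost
127.0.0.1 www.symantec.com   # constructed entry
127.0.0.1\tsecurityresponse.symantec.com update.mcafee.com
0.0.0.0 WWW.MICROSOFT.COM.
10.1.2.3 intranet.example.test
127.0.0.1 notmicrosoft.com
not-an-ip www.mcafee.com
"""


def is_watched(hostname):
    """True if hostname is a watched domain or a subdomain of one."""
    name = hostname.lower().rstrip(".")
    return any(name == s or name.endswith("." + s) for s in WATCHED_SUFFIXES)


def find_suspicious_entries(hosts_text):
    """Return (line_no, address, hostname) for each Hosts entry that pins a
    watched security or update domain to a fixed address."""
    findings = []
    for line_no, raw in enumerate(hosts_text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(entry) < 2:
            continue  # blank, comment-only or incomplete line
        address, names = entry[0], entry[1:]
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            continue  # first field is not an IP address, so not a valid entry
        for name in names:  # one line may map several names to one address
            if is_watched(name):
                findings.append((line_no, str(ip), name.lower().rstrip(".")))
    return findings


if __name__ == "__main__":
    for line_no, ip, name in find_suspicious_entries(SAMPLE_HOSTS):
        print(f"line {line_no}: {name} -> {ip}")
```

On a Windows machine the same function can be run over the contents of `%SystemRoot%\System32\drivers\etc\hosts`.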

Both new Mytob variants come in e-mails whose subject lines include the phrases "good day" and "mail transaction failed," Symantec said.

One earlier Mytob variant, Mytob.Q, is believed to have a secondary payload, a low-threat virus known as Pinfi, which Symantec spotted and reported March 27.