"Mytob.bi"

[Osiris]

Another variant of the Mytob worm began wiggling its way into inboxes this week, enticing recipients to open an e-mail attachment that could allow a remote hacker to access and perform commands on an infected machine. The variant, dubbed "Mytob.bi" by some security researchers, scans the hard drive of an infected machine and sends copies of itself to e-mail addresses it finds in the Windows Address Book, antivirus firm Trend Micro Inc. said yesterday. The worm poses as a message from an IT administrator, warning recipients that their e-mail accounts are about to be suspended, Trend Micro said.

Possible subject headers for the worm include "*IMPORTANT* Please Validate Your Email Account" and "Notice: **Last Warning**." The latest variant is the fourth iteration of the Mytob family of worms that were first detected in late February, Trend Micro said. It has backdoor capabilities and can open a random port, allowing a hacker to remotely access an infected machine.

 

[kukuhead]

My company network got it! Now a few users are getting the mail, and i got client calling me that i send them mail that contain the mytob.mm worm! I scan the xchange server but nothing is found! wat should i do !!!

 

[Lobos]

Try this

http://securityresponse.symantec.com/avcenter/venc/data/w32.mytob@mm.removal.tool.html

pick you varient of the worm

and follow the directions on the page

 

[kukuhead]

I cant detect it in my exchange server, it there anyway for me to pin point which machine in the network is spreading the worm??