Net-Worm.Win32.Mytob.bi
Other versions: .a, .be, .bk, .bt, .c, .cf, .ch, .dc, .eg, .r, .t, .u, .v, .w, .x, .y
Net-Worm.Win32.Mytob.bi (Kaspersky Lab) is also known as:
W32/Mytob.gen@MM (McAfee), W32.Mytob.FI@mm (Symantec), Win32.HLLM.MyDoom.42 (Doctor Web), W32/MyDoom-Gen (Sophos), Worm/Mytob.GC (H+BEDV), Backdoor.SDBot.Phatbot (SOFTWIN), Worm.Mytob.AS (ClamAV), W32/Gaobot.JJ.worm (Panda), Win32/Mytob.DZ (Eset)
Detection added: Jun 10 2005 06:10 GMT
Description added: Dec 29 2005
Behavior: Net-Worm
This network worm is typical of the Mytob family. It infects computers running
under Windows. It spreads via the Internet as an attachment to infected messages,
and includes a backdoor program which receives commands via IRC channels.
Installation
Once launched, the worm copies itself to the Windows system directory. It
also registers itself in the Windows system registry, ensuring that the worm
will be launched each time Windows is rebooted on the victim machine.
Propagation via email
The worm spreads via the Internet as an attachment to infected messages. It
sends itself to email addresses harvested from the victim machine.
Infected messages
Payload
Net-Worm.Win32.Mytob.bi opens a TCP port on the victim machine to connect
to IRC channels and receive commands. This gives a remote malicious user full
access to the victim machine via IRC channels, making it possible to receive
information from the infected computer and to download, launch and delete files.
The worm also terminates processes connected with antivirus solutions, firewalls,
and other security programs.
The worm also modifies the %System%\drivers\etc\hosts file in order to block
access to antivirus vendors' sites from the victim machine.
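
The hosts-file change described above can be checked for during triage. The following is an added example, not part of the original description: it parses hosts-file text and reports entries that point a security vendor's name at a loopback or unspecified address. The watchlist of domains and the sample file contents are assumptions constructed for illustration; the page does not list the names the worm blocks.

```python
import ipaddress

# Assumed watchlist (not from the original page): domains of vendors named in the alias list.
WATCHED_DOMAINS = ("kaspersky.com", "mcafee.com", "symantec.com", "sophos.com")

def parse_hosts(text):
    """Yield (line_no, address, hostname) for every mapping in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(entry) < 2:
            continue                            # blank, comment-only or malformed line
        address, names = entry[0], entry[1:]
        for name in names:                      # one address may carry several names
            yield line_no, address, name.lower().rstrip(".")

def is_sinkhole(address):
    """True for loopback or unspecified addresses (127.0.0.0/8, 0.0.0.0, ::1, ::)."""
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return False                            # not a valid IP literal
    return ip.is_loopback or ip.is_unspecified

def is_watched(hostname, watched=WATCHED_DOMAINS):
    """True if hostname equals a watched domain or is a subdomain of one."""
    return any(hostname == d or hostname.endswith("." + d) for d in watched)

def audit_hosts(text, watched=WATCHED_DOMAINS):
    """Return mappings that point a watched security-vendor name at a sinkhole address."""
    return [(n, a, h) for n, a, h in parse_hosts(text)
            if is_sinkhole(a) and is_watched(h, watched)]

# Constructed sample input, not taken from a real infected machine.
SAMPLE_HOSTS = """\
# Copyright (c) Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       www.symantec.com symantec.com   # two names on one line
0.0.0.0         update.mcafee.com
192.0.2.10      intranet.example.test
127.0.0.1       notkaspersky.com.example.test
#127.0.0.1      www.sophos.com
"""

if __name__ == "__main__":
    for line_no, address, host in audit_hosts(SAMPLE_HOSTS):
        print(f"line {line_no}: {host} -> {address}")
```

To use it on a real system, pass the contents of %System%\drivers\etc\hosts to audit_hosts() and extend the watchlist with the vendors and update servers your environment depends on.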