
Thursday, April 20, 2006

W32.Mytob almost caught me out!

I received a strange but believable email disguised as coming from our own company domain.

The first email was a bit strange. From: admin@mydomain.com, subject: “You have successfully updated your password”. It came with a zipped .doc attachment (ytytytyt.doc) and I thought nothing of it.

Then came the second email: from support@mydomain.com, subject: “WARNING MESSAGE: YOUR SERVICES NEAR TO BE CLOSED.”, with a zipped .exe attachment (ytytytyt.exe). Once again I ignored it and didn’t run the zipped .exe, thinking that it might be a virus.

Then the third email: from info@mydomain.com, subject: “You have successfully updated your password”, with a zipped .scr attachment (ytytytyt.scr).

As you can see, this is pretty nifty and very believable: the worm sends a rather convincing message. So convincing that one of our staff members decided to double-click the last-mentioned .scr file. EISH!
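The pattern in those three emails (a sender address on our own domain plus a zipped executable) is easy to check for at the mail gateway. The following Python triage routine is an added example, not code from the original post; it assumes the domain mydomain.com and the zip filename ytytytyt.zip, and the .pif/.com/.bat extensions are my additions beyond the .exe and .scr the post mentions.

```python
import io
import zipfile
from email import message_from_bytes
from email.message import EmailMessage
from email.utils import parseaddr

OWN_DOMAIN = "mydomain.com"  # assumption: the domain the worm spoofed in the post
EXEC_EXTS = {".exe", ".scr", ".pif", ".com", ".bat"}  # .exe/.scr seen in the post; rest assumed

def zipped_executables(msg):
    """Return the names of executable files found inside ZIP attachments."""
    found = []
    for part in msg.walk():
        fname = (part.get_filename() or "").lower()
        payload = part.get_payload(decode=True)
        if part.is_multipart() or not payload or not fname.endswith(".zip"):
            continue
        try:
            with zipfile.ZipFile(io.BytesIO(payload)) as zf:
                for name in zf.namelist():
                    # the last extension decides, so 'file.doc.scr' is still caught
                    ext = "." + name.rsplit(".", 1)[-1].lower() if "." in name else ""
                    if ext in EXEC_EXTS:
                        found.append(name)
        except zipfile.BadZipFile:
            found.append(fname + " (unreadable zip)")
    return found

def triage(raw_bytes, own_domain=OWN_DOMAIN):
    """Decide whether a raw RFC 822 message should be quarantined."""
    msg = message_from_bytes(raw_bytes)
    _, sender = parseaddr(msg.get("From", ""))
    hits = zipped_executables(msg)
    return {"claims_own_domain": sender.lower().endswith("@" + own_domain),
            "zipped_executables": hits,
            "quarantine": bool(hits)}

def build_sample(sender, subject, inner_name):
    """Constructed test message shaped like the ones in the post (not a real capture)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(inner_name, b"MZ placeholder, not a real program")
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, "user@mydomain.com", subject
    m.set_content("Please see the attached file.")
    m.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                     filename="ytytytyt.zip")  # zip name assumed; the post names only the contents
    return m.as_bytes()
```

Mail that arrives from outside yet claims a sender on your own domain is worth flagging on its own; the quarantine decision here is driven by the zipped executable, which is what actually did the damage.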

W32.Mytob in action:
W32.Mytob.PJ@mm is a mass-mailing worm that opens a back door and lowers security settings on the compromised computer. If your antivirus hasn’t been updated for this specific virus, then you will most definitely be a recipient of one of the above-mentioned emails.

Two ways to check if the PC is infected:
W32.Mytob attempts to end a whole list of processes. Some affected PCs won’t be able to open the registry editor from Run, and when an attempt is made to open Task Manager it is automatically closed.

The removal is pretty simple:

1. Stop the mailing process: disable the affected user account on the mail server.
2. If the user runs XP: enable the Windows firewall.
3. Download the Symantec removal tool and follow the virus removal instructions to ensure that W32.Mytob has been removed successfully.

After updating my antivirus (AVG and ClamWin), W32.Mytob was detected successfully and the attachments were removed from the affected emails.

As long as you don’t execute one of those zipped files you’ll be safe.
