Network World

Mytob writers could be creating a super bug

By Scarlet Pruitt, IDG News Service, 06/03/2005

Virus writers responsible for the recent rash of Mytob worm variants could be working on creating a super worm, a security researcher warned Friday.

The "HellBot" group behind the Mytob worms writes programming instructions in its code that mirror the way developers work, said Sophos Security Consultant Carole Theriault.

"The only conclusion we can come up with is that they are working on a big super worm," Theriault said.

Since its discovery in February, the Mytob mass-mailing worm has spawned dozens of variants, each just slightly different, according to researchers.

However, each variant turns off an infected machine's security settings and blocks the user's access to security Web sites, Theriault said.

This makes it difficult to get help once a machine has been infected, and Trojan programs accompanying the worms could leave a backdoor open for attack, she said. One recent version included spyware and adware, which could be used to reap monetary benefits, according to U.K. anti-virus company Trend Micro.

The Mytob authors have been "very busy," releasing multiple variants a day, McAfee noted. While the distribution of each variant is low, combined there is a lot of activity around them, researchers said.

Over 50% of the reported problems coming into Sophos over the last 24 hours have been about Mytob worms, Theriault said. Recent versions, discovered earlier in the week, include Mytob.bi, which poses as a message from an IT administrator, warning that the recipient's e-mail account is about to be suspended.

It scans the hard drive of an infected machine and sends copies of itself to e-mail addresses it finds in the Windows Address Book. It also prevents the machine from accessing several antivirus and security Web sites, and can open a random port, allowing a hacker to gain remote access.

While anti-virus companies would normally have to update their software to guard against each new variant, the Mytob family is so close that multiple variants can be caught using generic definitions of the worm, Theriault said. However, users are advised to keep their antivirus software up-to-date.
