The flood of Mytob worms not letting up: 38 variants are now in circulation

PandaLabs is detecting new variants of the mass-mailing worm Mytob every day. This family of worms already has 38 members. Twenty two of these have emerged this month and it is highly probable that more Mytob worms will appear over the next few days.

Evidence seems to suggest that the appearance of this number of variants over such a short period space of time responds to a predefined plan. “As there is no evidence to suggest that the source code of these worms has been published, as has happened with other malware, we are led to believe that all of these worms have been created by a single author or an organized group,” explains Luis Corrons, head of PandaLabs, who goes on to say, “therefore, what they are trying to do is unleash the largest number of different worms possible in order to increase the probability of computers being infected by one of them.”

All of the variants of Mytob have a series of common characteristics, such as opening backdoors in infected systems. For this reason, it is possible that the main aim of the authors of these worms is to create networks of computers that can be controlled at the same time. This would allow the attacker to carry out many different malicious actions, from mass mailing spam, launching attacks against other computers or stealing confidential information in order to commit fraud.

The results of an analysis carried out by PandaLabs show that there are many similarities between the Mytob worms and the infamous Mydoom worm, which appeared at the beginning of 2004 and caused a worldwide epidemic. “The source code of Mydoom seems to have been used as a basis to create the Mytob worms. What’s more, some modifications have been made, as they are also programmed to exploit the Windows LSASS vulnerability, which allowed the Sasser worm to launch a widespread attack in 2004.”

Due to the high possibility of being infected by one of the Mytob worms, Panda Software advises users to take precautions and to update their antivirus software. Panda Software has made the corresponding updates available to its clients to detect and disinfect these new malicious code

Share this