The Web    Google
4/12: Mytob-AR Yet Another Variant

4/12: Mytob-AR Yet Another Variant
April 12, 2005

W32.Mytob.AR@mm is a mass-mailing worm that uses its own SMTP engine to send an email to addresses that it gathers from the compromised computer with back door capabilities.

The worm spreads by exploiting the Microsoft Windows Local Security Authority Service Remote Buffer Overflow (described in Microsoft Security Bulletin MS04-011) and the Microsoft Windows DCOM RPC Interface Buffer Overrun Vulnerability (described in Microsoft Security Bulletin MS03-026).

Technical details can be found at Symantec page.

  • Phishing Grows with Holiday Shopping Spike
  • 5/19: Viperik-A Trojan Deletes Files & Info
  • Researcher: IE Cumulative Patch Inadequate
  • 7/16: Rbot-DP Trojan Has Spreading Capability
  • 11/1: Fakepatch-A an Elf Executable
  • 9/16: Evaman-D Worm Kills Active Processes
  • Palyh and Fizzer Top Troublemakers in May
  • 6/3: Agobot-SU Controlled by IRC Bot
  • Application Insecurity --- Who is at Fault?
  • Global content security player establishes U.S. beachhead
  • 10/27: Famus-C Worm Sends Private Data
  • Security Camera Companies and products