5/13: Mytob-CA is a Worm and a Trojan
May 13, 2005

W32/Mytob-CA is a mass-mailing worm and backdoor Trojan that can be controlled through the Internet Relay Chat (IRC) network.

W32/Mytob-CA also appends to the HOSTS file to deny access to security related websites. It is capable of spreading through email. Email sent by W32/Mytob-CA has the following properties:

Subject line:
Error
hello
Here is your documents.
Mail Delivery System
Mail Transaction Failed
Re: Thank you for delivery
something for you
Status

Message text:

'Mail transaction failed. Partial message is available.'
'Mail transaction failed. Partial message is available.'
'The message cannot be represented in 7-bit ASCII encoding and has been sent as a binary attachment.'
'The message cannot be represented in 7-bit ASCII encoding and has been sent as a binary attachment.'
'The message contains Unicode characters and has been sent as a binary attachment.'
'The message contains Unicode characters and has been sent as a binary attachment.'
'The original message was included as an attachment.'
'The original message was included as an attachment.'

More information can be found at Sophos page.