The Mytob worm is spreading via spoof emails that appear to come
from IT system administrators.
Virus protection company Trend Micro this week issued a warning
after its infection reports showed the worm was spreading in the
US, Australia, China, Hong Kong, India, Japan, Korea, the
Philippines and Taiwan.
The worm reproduces by sending a copy of itself as an attachment
to an email. The email appears with one of a series of official
looking warnings in the subject line.
Examples cited by Trend Micro include “*IMPORTANT* Please
Validate Your Email Account”, “Email Account Suspension” and
“Notice:***Your email account will be suspended***”.
The emails also contain spoof text encouraging recipients to
open the attachment, such as: “Once you have completed the form in
the attached file, your account records will not be interrupted and
will continue as normal.”
The worm collects target email addresses from the Temporary
Internet files folder in Windows Address Book. It has a “backdoor”
that allows hackers to gain virtual control over affected systems
and also prevents users from accessing some anti-virus and
security.