The Mytob worm is spreading via spoof emails that appear to come from IT system administrators.
Virus protection company Trend Micro this week issued a warning after its infection reports showed the worm was spreading in the US, Australia, China, Hong Kong, India, Japan, Korea, the Philippines and Taiwan.
The worm reproduces by sending a copy of itself as an attachment to an email. The email appears with one of a series of official looking warnings in the subject line.
Examples cited by Trend Micro include “*IMPORTANT* Please Validate Your Email Account”, “Email Account Suspension” and “Notice:***Your email account will be suspended***”.
The emails also contain spoof text encouraging recipients to open the attachment, such as: “Once you have completed the form in the attached file, your account records will not be interrupted and will continue as normal.”
The worm collects target email addresses from the Temporary Internet files folder in Windows Address Book. It has a “backdoor” that allows hackers to gain virtual control over affected systems and also prevents users from accessing some anti-virus and security.