Home / malware Win32.Worm.Mytob.BC
First posted on 21 November 2011.
Source: BitDefenderAliases :
Win32.Worm.Mytob.BC is also known as Net-Worm.Win32.Mytob.bc, W32/Mytob-CP.
Explanation :
The worm comes by mail with the following characteristics:From: spoofedSubject: one of the following:Notice: **Last Warning***DETECTED* Online User ViolationYour Email Account is Suspended For Security ReasonsAccount AlertImportant Notification*WARNING* Your Email Account Will Be ClosedSecurity measuresEmail Account SuspensionNotice of account limitationBody: one of the following:Once you have completed the form in the attached file , your account records will not be interrupted and will continue as normal.The original message has been included as an attachment.We regret to inform you that your account has been suspended due to the violation of our site policy, more info is attached.We attached some important information regarding your account.Please read the attached document and follow it's instructions.Attachment: one of the following:email-infoemail-docinformationaccount-detailsdocumentINFOinstructionsinfo-textinformationwith an executable extension (EXE, PIF or SCR).The worm also has a backdoor behaviour using the IRC protocol.
Last update 21 November 2011