OIT Help Desk

Virus and Security Alerts

W32.Mytob

There are many versions of the Mytob worm on the Internet with more appearing weekly.

This is a set of mass-mailing worms that spread initially through e-mail. The worms combine the functionality of the MyDoom and SDBot worms. Some variants contain a link to a Web site that uses a flaw in Internet Explorer to download and execute files. The worm then opens a backdoor on varied TCP ports or through IRC, allowing hackers access to the machine. Other variants include a virus-infected attachment.

The Mytob virus (a MyDoom variant) generates e-mails that appear to come from legitimate sources such as support@indstate.edu, administrator@indstate.edu, info@indstate.edu, register@indstate.edu, mail@indstate.edu, and accounts@indstate.edu.
The body of the message may claim your e-mail account has been sending out spam or that your computer has been infected/compromised.
In many cases, the e-mails will be signed with "The isugw.indstate.edu support team" or "The Indstate Support Team". Please note: we do not send out e-mails with this signature.

The worms arrive in e-mail messages with spoofed sender addresses and a subject line picked from an internal list. The body of the e-mail often contains a link urging you to click on it. Do not click on the link.

In order to protect yourself, you should be extremely cautious about opening any attachments to e-mail or clicking on any links.

Here is an example of one of these messages:
From: <info@indstate.edu>
To: <it-help@indstate.edu>
Date: Saturday, October 15, 2005 9:37 PM
Subject: *DETECTED* Online User Violation

Dear Indstate Member,

Your e-mail account was used to send a huge amount of unsolicited spam messages during the recent week. If you could please take 5-10 minutes out of your online experience and confirm the attached document so you will not run into any future problems with the online service.

If you choose to ignore our request, you leave us no choice but to cancel your membership.

Virtually yours,
The Indstate Support Team
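
The indicators described above (forged campus role addresses, the signatures OIT never uses, and a link or attachment) can be combined into a simple mail-triage check. This is an added example, not part of the original advisory or any OIT tooling; the function names, the rule in `is_suspect()` and the constructed sample message are assumptions.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage

# Indicators named in the advisory; the scoring rule in is_suspect() is an assumption.
ROLE_SENDERS = {"support", "administrator", "info", "register", "mail", "accounts"}
FAKE_SIGNATURES = ("the isugw.indstate.edu support team", "the indstate support team")
CAMPUS_DOMAIN = "indstate.edu"
LINK_RE = re.compile(r"https?://\S+", re.IGNORECASE)

def mytob_indicators(raw):
    """Return the set of advisory indicators matched by one raw e-mail message."""
    msg = message_from_string(raw, policy=policy.default)
    hits = set()
    sender = msg["From"]
    for addr in (sender.addresses if sender else ()):
        # From: is trivially forged, so a campus role address is a hint, not proof.
        if addr.domain.lower() == CAMPUS_DOMAIN and addr.username.lower() in ROLE_SENDERS:
            hits.add("role-sender")
    part = msg.get_body(preferencelist=("plain", "html"))
    body = part.get_content() if part else ""
    if any(sig in body.lower() for sig in FAKE_SIGNATURES):
        hits.add("fake-signature")
    if LINK_RE.search(body):
        hits.add("link")
    if next(msg.iter_attachments(), None) is not None:
        hits.add("attachment")
    return hits

def is_suspect(raw):
    """Flag the signature OIT never uses, or a role sender plus link/attachment."""
    hits = mytob_indicators(raw)
    return "fake-signature" in hits or ("role-sender" in hits and bool(hits & {"link", "attachment"}))

def build_sample():
    """Constructed message modelled on the advisory's example; the attachment is inert filler."""
    m = EmailMessage()
    m["From"] = "info@indstate.edu"
    m["To"] = "it-help@indstate.edu"
    m["Subject"] = "*DETECTED* Online User Violation"
    m.set_content("Dear Indstate Member,\n\nPlease confirm the attached document.\n\n"
                  "Virtually yours,\nThe Indstate Support Team\n")
    m.add_attachment(b"constructed placeholder", maintype="application",
                     subtype="octet-stream", filename="placeholder.bin")
    return m.as_string()

if __name__ == "__main__":
    print(sorted(mytob_indicators(build_sample())), is_suspect(build_sample()))
```

A match is a reason to quarantine the message for review, not proof of infection; the attachment should still be scanned with an up-to-date virus scanner.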

General Virus Information

It is common for worms to forge the From: field on e-mail so that a virus e-mail appears to come from someone you know or even from yourself; you should check with the sender before opening unexpected attachments. If you receive any messages with suspicious attachments, do not open the attachment; instead, delete the message.
It is important to have a virus scanner installed and updated with the latest virus data files. System scans should be performed often.

In addition to messages containing the worm, you may also receive warnings indicating that a message you sent has been blocked, although you did not send such a message. You may ignore these warnings. It is typical for mass-mailing worms to forge or fake the source information in the e-mails they send.

Please call the OIT Help Desk if you need assistance. We are available at ext. 2910 or via web form: http://www1.indstate.edu/oit1/userservices/ithelp/get-help-online.html

W32.Mytob Links for more information

Current Variants. These are listed as low risk by McAfee.