Spyware Warrior Help with Spyware, Hijacking & Other Internet Nuisances
quietman7 Warrior Addict

Joined: 20 Dec 2004 Last Visit: 28 Mar 2012 Posts: 768 Location: Virginia, USA
Posted: Tue Apr 12, 2005 3:12 am    Post subject: Mytob Family Reproduces Like Rabbits

Quote:
April 11, 2005 (2:14 PM EDT)
Mytob Family Reproduces Like Rabbits
By Gregg Keizer, TechWeb News
The Mytob worm family has grown by leaps and bounds -- half a dozen variants just this past weekend -- and is a marker of the trend toward more-more-more by virus and worm writers, a security analyst said Monday.
Since its debut about six weeks ago, 40 Mytob variants have appeared, a new record for a worm in the quantity count.
"The writer or writers of Mytob have been very busy creating variants," said Graham Cluley, an analyst with the U.K.-based anti-virus vendor Sophos. "They're trying to get it past anti-virus defenses by making small changes, and constantly tweaking it."
The half-dozen versions that rolled out over the weekend, said Cluley, point out the lengths to which virus writers will go to sneak by defenses. "The writers will produce a version, which is then detected by anti-virus labs, then the writers create a new version to top the last one. In the case of those over the weekend, they were similar enough that we could say they were all from the Mytob family, and detect them with a generic signature already in place."
Mytob is a mass-mailed worm that includes its own SMTP engine to spread itself to other PCs after hijacking addresses from an infected system. It also includes a backdoor component which lets the hacker send additional commands and/or files to the compromised computer to turn it into a spam-spewing zombie, or to load spyware for snapping up usernames and passwords.
Although it doesn't include any revolutionary characteristics, it does, said Cluley, use a broad reach of hacker tactics. It tries to disable a large number of firewalls and anti-virus programs, changes the Windows HOSTS file so that users can't update their machines, and scans for computers that haven't been patched against the LSASS vulnerability in Windows, which was first disclosed in August 2004.
"Over the last year or so, virus writers have concentrated on putting out large numbers of variants," said Cluley. "Now that worms and viruses are being written for financial reasons -- to gain control of a PC to turn it into a zombie, say -- writers have a real incentive to get past defenses."
Mytob seems to be similar in some ways to the longer-running MyDoom family -- Sophos renames the most recent Mytob worms as a generic MyDoom when its anti-virus software detects them -- and at least one security firm suspected that that's no coincidence.
"The source code of MyDoom seems to have been used as a basis to create the Mytob worms," said Luis Corrons, the head of Panda Software's research labs. But the Mytob creator upped the MyDoom ante by adding his own twist, said Corrons. "Some modifications have been made, as they are also programmed to exploit the Windows LSASS vulnerability, which allowed the Sasser worm to launch a widespread attack in 2004."
http://www.techweb.com/wire/security/160700541
DickT - Just the Facts
"HAVE GUN & BADGE WILL TRAVEL"
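The article notes that Mytob edits the Windows HOSTS file so that infected machines can no longer reach update servers. The script below is an added example, not code from the original post, the TechWeb article, or any vendor named in it: it parses a HOSTS file and flags entries that pin an update or security-vendor name to a loopback, unspecified or link-local address. The WATCHLIST domains and the SAMPLE_HOSTS content are constructed for illustration and are not taken from the article; a real check would use the domain list for the products actually installed on the host.

```python
"""Flag HOSTS-file entries that sinkhole update or AV-vendor hostnames.

Added illustrative example; not code from the forum post or the article.
"""
import ipaddress
from typing import List, Tuple

# Illustrative watchlist (an assumption for this example, not from the
# article): names whose blocking would stop OS updates or AV signature pulls.
WATCHLIST = (
    "windowsupdate.microsoft.com",
    "update.microsoft.com",
    "sophos.com",
    "pandasoftware.com",
)


def is_sinkhole(addr: str) -> bool:
    """True if addr is a loopback, unspecified (0.0.0.0/::) or link-local
    address, i.e. a destination that silently swallows the connection."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return ip.is_loopback or ip.is_unspecified or ip.is_link_local


def parse_hosts(text: str) -> List[Tuple[int, str, List[str]]]:
    """Return (line_no, ip, [hostnames]) for each non-comment HOSTS entry.

    Inline comments after '#' are stripped; hostnames are lower-cased so the
    watchlist comparison is case-insensitive, as DNS names are.
    """
    entries = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            continue  # malformed line: address with no hostname
        entries.append((n, parts[0], [h.lower() for h in parts[1:]]))
    return entries


def matches_watchlist(host: str) -> bool:
    """Exact match or subdomain of any watchlisted name."""
    return any(host == d or host.endswith("." + d) for d in WATCHLIST)


def find_tampering(text: str) -> List[Tuple[int, str, str]]:
    """Return (line_no, ip, hostname) for watchlisted names pinned to a
    sinkhole address. Entries that point at a routable address are not
    flagged here; they need a reputation check, not a local rule."""
    hits = []
    for n, ip, hosts in parse_hosts(text):
        if not is_sinkhole(ip):
            continue
        for h in hosts:
            if matches_watchlist(h):
                hits.append((n, ip, h))
    return hits


# Constructed sample HOSTS content for the example; not a real infected file.
SAMPLE_HOSTS = """# Constructed sample
127.0.0.1 localhost
127.0.0.1 windowsupdate.microsoft.com   # suspicious
0.0.0.0   www.sophos.com                # suspicious
127.0.0.1 intranet.example.test         # benign developer override
10.0.0.5  updates.sophos.com            # routable address, not a sinkhole
"""

if __name__ == "__main__":
    for line_no, ip, host in find_tampering(SAMPLE_HOSTS):
        print(f"line {line_no}: {host} -> {ip}")
```

On a live Windows host the file to feed in is %SystemRoot%\System32\drivers\etc\hosts; the benign intranet override in the sample shows why the rule keys on the watchlist rather than on every loopback entry, since developers and admins legitimately pin internal names to 127.0.0.1.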