By Sarah Gain
The latest worm variants disable applications and could hit Middle East at any time.
Trend Micro has issued medium risk alerts for two separate memory-resident worms which have been seen spreading by e-mail through Australia, China, Hong Kong, India, Japan, Korea, Philippines, Taiwan, the United States, Belgium, United Kingdom, and Germany. Experts warn that worm_Mytob.ar and worm_Mytob.bi could hit the Middle East at any time.
The viruses propagate by sending copies of themselves as attachments in an e-mail message, which gets sent to target recipients using the worms’ own simple mail transfer protocol (SMTP) engine.
On execution both worms modify the system registry, enabling the worms to run at start up. They can disable access to antivirus web sites, render antivirus applications ineffective and exploit vulnerabilities in Windows enabling the worms to spread through networks.
Trend Micro has also discovered that the worms download a file called tspy_agent.h, a form of spyware, which can lead to system security being compromised.
The subject line of the e-mail sent by the worms varies, using a number of false notifications such as “Account Alert,” “Security Measures” and “Notice of Account Limitation.”
The message body contains a diverse range of call-to-actions such as, “Once you have completed the form in the attached file, your account records will not be interrupted and will continue as normal.” The attachment is named using a combination of assorted words and file extensions.
These two worms take the total number of medium security alerts issued by Trend Micro in May up to six, completing a busy month in the battle against technology security. Reported infections were up 30% to a 22-month high. The chaotic month follows a quiet April, which experts view as a deliberate tactic by hackers and virus authors to catch technology security managers off their guard.