New Mytob worm phishing for victims

Anti-virus vendors are warning users that the latest W32/Mytob-DA variant is on the prowl, masquerading as an e-mail message from their own security administrator.

AV vendors are warning users that the latest W32/Mytob-DA variant is on the prowl, this time masquerading as an e-mail message from the recipient's own security administrator. The file it delivers allows infected machines to be remotely controlled.

According to U.K.-based MessageLabs, the malware spoofs the sender's address to replicate the recipient's domain; the message asks the user to follow the URL to confirm his/her e-mail account to prevent it from being suspended. The Web link is also spoofed to appear to connect to the target company's Web site. If clicked, the Web link in the e-mail message will download a file named Confirm_Sheet.com, which will enable infected machines to be remotely controlled.

"Activities like phishing, the surreptitious planting of Trojans and spyware and the hijacking of unsuspecting PC users' machines as botnet proxies provide further proof of the growing complexity of criminal involvement in the electronic communications environment," Maksym Schipka, AV technical architect at MessageLabs, said in a statement. "Electronic exploitation will continue to evolve evermore sophisticated mechanisms by which nefarious gain can be achieved, and so it is vital that computer users exercise caution when dealing with unsolicited emails."

MessageLabs ranks the outbreak as a medium-level threat and said it has intercepted nearly 3,500 copies since yesterday.

The e-mail has the following characteristics:

Subject lines:

*IMPORTANT* Please Confirm Your Account; *IMPORTANT* Please Validate Your Account; Account Alert; Important Notification; Notice of account limitation; Notice: **Last Warning**; or Security measures. [The subject may also be blank or contain a series of random characters.]

Body Text:

Dear Valued Member,

According to our terms of services, you will have to confirm your e-mail by the following link or your account will be suspended within 24 hours for security reasons.

http://www.[email address]/confirm.php?email=[domain name]

Thank you for your attention to this request. We apologize for any inconvenience.

Sincerely, Security Department
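A mail-triage check built from the traits listed above, as an added example that is not from the article or MessageLabs: it tests a raw message for the listed subjects, a sender domain equal to the recipient's, the `confirm.php?email=` link and the suspension wording. The function names, the `is_suspect` threshold and the sample message are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Subjects listed in the article (it may also be blank or random characters).
SUBJECTS = {"*important* please confirm your account",
            "*important* please validate your account", "account alert",
            "important notification", "notice of account limitation",
            "notice: **last warning**", "security measures"}
LINK_RE = re.compile(r"https?://[^\s\"'<>]+/confirm\.php\?email=", re.I)
THREAT = "account will be suspended within 24 hours"

def domain_of(header):
    """Lower-cased domain of an address header, or '' if there is none."""
    _, at, dom = parseaddr(str(header or ""))[1].rpartition("@")
    return dom.lower() if at else ""

def text_body(msg):
    """Decoded text/plain parts joined, with whitespace collapsed."""
    parts = (p.get_payload(decode=True) or b"" for p in msg.walk()
             if p.get_content_type() == "text/plain")
    return " ".join(b"\n".join(parts).decode("utf-8", "replace").split())

def indicators(raw):
    """Names of the article's traits found in one raw RFC 822 message."""
    msg = message_from_string(raw)
    body, sender = text_body(msg), domain_of(msg["From"])
    subject = " ".join(str(msg["Subject"] or "").split()).lower()
    checks = {
        "known-subject": subject in SUBJECTS,
        "sender-in-recipient-domain": bool(sender) and sender == domain_of(msg["To"]),
        "confirm-link": bool(LINK_RE.search(body)),
        "suspension-threat": THREAT in body.lower(),
    }
    return [name for name, hit in checks.items() if hit]

def is_suspect(raw):
    """Assumed policy: the confirm.php link plus at least one other trait."""
    hits = indicators(raw)
    return "confirm-link" in hits and len(hits) >= 2

# Constructed sample message; example.com is a placeholder domain.
SAMPLE = ("From: admin@example.com\nTo: alice@example.com\n"
          "Subject: Account Alert\n\nDear Valued Member,\n"
          "... your account will be suspended within 24 hours ...\n"
          "http://www.example.com/confirm.php?email=alice@example.com\n")

if __name__ == "__main__":
    print(indicators(SAMPLE), is_suspect(SAMPLE))
```

A sender in the recipient's own domain is normal for internal mail, so that trait only counts here when the link is also present.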

This article originally appeared on SearchSecurity.com
