Article

New Mytob worm phishing for victims

SearchSecurity staff

AV vendors are warning users that the latest W32/Mytob-DA variant is on the prowl, this time masquerading as an e-mail message from their own security administrator that will allow their machines to be remotely controlled.

According to U.K.-based MessageLabs, the malware spoofs the sender's address to replicate the recipient's domain; the message asks the user to follow the URL to confirm his/her e-mail account to prevent it from being suspended. The Web link is also spoofed to appear to connect to the target company's Web site. If clicked, the Web link in the e-mail message will download a file named Confirm_Sheet.com, which will enable infected machines to be remotely controlled.

"Activities like phishing, the surreptitious planting of Trojans and spyware and the hijacking of unsuspecting PC users' machines as botnet proxies provide further proof of the growing complexity of criminal involvement in the electronic communications environment," Maksym Schipka, AV technical architect at MessageLabs, said in a statement. "Electronic exploitation will continue to evolve evermore sophisticated mechanisms by which nefarious gain can be achieved, and so it is vital that computer users exercise caution when dealing with unsolicited emails."

MessageLabs ranks the outbreak as a medium-level threat and said it has intercepted nearly 3,500 copies since yesterday.

The e-mail has the following characteristics:

Subject lines:

*IMPORTANT* Please Confirm Your Account; *IMPORTANT* Please Validate Your Account; Account Alert; Important Notification; Notice of account limitation; Notice: **Last Warning**; or Security measures. [The subject may also be blank or contain a series of random characters.]

Body Text:

Dear Valued Member,

According to our terms of services, you will have to confirm your e-mail by the following link or your account will be suspended within 24 hours for security reasons.

http://www.[email address]/confirm.php?email=[domain name]

Thank you for your attention to this request. We apologize for any inconvenience.

Sincerely, Security Department

This article originally appeared on SearchSecurity.com


There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: