
New Mytob worm phishing for victims

Anti-virus vendors are warning users that the latest W32/Mytob-DA variant is on the prowl, masquerading as an e-mail message from their own security administrator.

AV vendors are warning users that the latest W32/Mytob-DA variant is on the prowl, this time masquerading as an e-mail message from the recipient's own security administrator. Once a machine is infected, it can be remotely controlled.

According to U.K.-based MessageLabs, the malware spoofs the sender's address to replicate the recipient's domain; the message asks the user to follow the URL to confirm his/her e-mail account to prevent it from being suspended. The Web link is also spoofed to appear to connect to the target company's Web site. If clicked, the Web link in the e-mail message will download a file named, which will enable infected machines to be remotely controlled.

"Activities like phishing, the surreptitious planting of Trojans and spyware and the hijacking of unsuspecting PC users' machines as botnet proxies provide further proof of the growing complexity of criminal involvement in the electronic communications environment," Maksym Schipka, AV technical architect at MessageLabs, said in a statement. "Electronic exploitation will continue to evolve evermore sophisticated mechanisms by which nefarious gain can be achieved, and so it is vital that computer users exercise caution when dealing with unsolicited emails."

MessageLabs ranks the outbreak as a medium-level threat and said it has intercepted nearly 3,500 copies since yesterday.

The e-mail has the following characteristics:

Subject lines:

*IMPORTANT* Please Confirm Your Account; *IMPORTANT* Please Validate Your Account; Account Alert; Important Notification; Notice of account limitation; Notice: **Last Warning**; or Security measures. [The subject may also be blank or contain a series of random characters.]

Body Text:

Dear Valued Member,

According to our terms of services, you will have to confirm your e-mail by the following link or your account will be suspended within 24 hours for security reasons.

http://www.[email address]/confirm.php?email=[domain name]

Thank you for your attention to this request. We apologize for any inconvenience.

Sincerely, Security Department
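The characteristics listed above can be turned into a mail-filter check. The following is an added example, not code from MessageLabs or the original article. The function names, the rule that a `confirm.php?email=` link must co-occur with at least one other indicator, and the sample messages (using the placeholders `example.com` and `203.0.113.7`) are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Subject lines reported in the article, lower-cased for comparison.
SUBJECTS = {
    "*important* please confirm your account", "*important* please validate your account",
    "account alert", "important notification", "notice of account limitation",
    "notice: **last warning**", "security measures",
}
# Link shape from the article's sample body: <host>/confirm.php?email=<value>
CONFIRM_RE = re.compile(r"https?://[^/\s\"<>]+/confirm\.php\?email=", re.I)
# HTML anchor whose visible text is itself a URL: capture href host and displayed host.
ANCHOR_RE = re.compile(
    r'<a\s[^>]*href="https?://([^/"]+)[^"]*"[^>]*>\s*https?://([^/<\s]+)', re.I)

def _domain(header):
    # Domain part of an address header, lower-cased ('' if the header is absent).
    return parseaddr(header or "")[1].rpartition("@")[2].lower()

def _text(msg):
    # Concatenate every text/* part of the message.
    parts = [p for p in msg.walk() if p.get_content_maintype() == "text"]
    return "\n".join(p.get_payload(decode=True).decode("utf-8", "replace") for p in parts)

def indicators(raw):
    """Return the article's indicators found in a raw RFC 822 message."""
    msg = message_from_string(raw)
    body, found = _text(msg), []
    if (msg["Subject"] or "").strip().lower() in SUBJECTS:
        found.append("known_subject")
    sender = _domain(msg["From"])
    if sender and sender == _domain(msg["To"]):  # sender spoofed to the recipient's domain
        found.append("sender_matches_recipient_domain")
    if CONFIRM_RE.search(body):
        found.append("confirm_link")
    if any(h.lower() != s.lower() for h, s in ANCHOR_RE.findall(body)):
        found.append("link_text_mismatch")  # displayed URL differs from real target
    return found

def is_suspicious(raw):
    # Assumed rule: same-domain mail alone is normal, so require the lure link plus one more.
    found = indicators(raw)
    return "confirm_link" in found and len(found) >= 2

# Constructed sample messages (not captured traffic).
PHISH = ("From: Security Department <security@example.com>\nTo: alice@example.com\n"
         "Subject: Account Alert\nContent-Type: text/html\n\n<p>Dear Valued Member,</p>"
         '<a href="http://203.0.113.7/confirm.php?email=alice@example.com">'
         "http://www.example.com/confirm.php?email=example.com</a>\n")
BENIGN = ("From: hr@example.com\nTo: alice@example.com\nSubject: Lunch menu\n\n"
          "Menu: http://intranet.example.com/menu\n")
```

Because the article notes that the subject may also be blank or random, the subject match is treated as supporting evidence only, never as a requirement.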

This article originally appeared on
