This application requires Javascript for optimal performance.

W32/Mytob.L@mm - Released Mar 23, 2005 - Last Updated Oct 17, 2006

Alias/es

Net-Worm.Win32.Mytob.f, W32.Mytob.K@mm [SAV], W32.Mytob.L@mm [SAV], W32/Mytob-D [Sophos], W32/Mytob-K [Sophos], W32/Mytob.L-mm, W32/Mytob.M@mm [F-Prot], W32/Mytob.OX.worm, W32/Mytob.worm!im, W32/Mytob.X [F-Prot], Win32/Mytob.I, Worm.Mytob.F, Worm.Mytob.H-3

Detection Availability

Active DatabaseExtended Database
FortiGate
low
high
FortiClient
FortiMail N/A

Visible Symptoms

  • System is also infected with other variants of the MyTob worm.

Detailed Analysis

  • Samples are packed in FSG.

  • This worm is dropped in the root folder of Drive C by other variants of the MyTob worm.

  • When the executed, it sends a copy of one of the following files to all MSN Messenger contacts:

    • C:\funny_pic.scr
    • C:\my_photo2005.scr
    • C:\see_this!!.scr

Recommended Action

    FortiGate Systems

  • Check the main screen using the web interface for your FortiGate unit to ensure that the latest AV/NIDS database has been downloaded and installed on your system - if required, enable the "Allow Push Update" option.

Reference: ID - 37888