
Are virus writers creating a super worm?

Recent rash of Mytob worm variants has some security experts concerned

Virus writers responsible for the recent rash of Mytob worm variants could be working on creating a super worm, a security researcher warns.

The ‘HellBot’ group behind the Mytob worms write programming instructions in their code that mirror the way developers work, says Sophos Security Consultant Carole Theriault.

"The only conclusion we can come up with is that they are working on a big super worm," Theriault says.

Since its discovery in February, the Mytob mass-mailing worm has spawned dozens of variants, each just slightly different, according to researchers.

However, each variant turns off an infected machine's security settings and blocks the user's access to security web sites, Theriault says.

This makes it difficult to get help once a machine has been infected, and Trojan programs accompanying the worms could leave a backdoor open for attack, she says. One recent version included spyware and adware, which could be used to reap monetary benefits, according to U.K. antivirus company Trend Micro.

The Mytob authors have been "very busy," releasing multiple variants a day, McAfee notes. While the distribution of each variant is low, combined there is a lot of activity around them, researchers say.

Over 50 percent of the reported problems coming into Sophos over the last 24 hours have been about Mytob worms, Theriault says. Recent versions, discovered earlier in the week, include Mytob.bi, which poses as a message from an IT administrator, warning that the recipient's email account is about to be suspended.

It scans the hard drive of an infected machine and sends copies of itself to email addresses it finds in the Windows Address Book. It also prevents the machine from accessing several antivirus and security Web sites, and can open a random port, allowing a hacker to gain remote access.

While antivirus companies would normally have to update their software to guard against each new variant, the members of the Mytob family are so similar that multiple variants can be caught using generic definitions of the worm, Theriault says. However, users are advised to keep their antivirus software up to date.

