Two new versions

Mar 30, 2005 06:49 GMT

When it appeared, the Mytob worm didn't get much attention from experts, but it did its job thoroughly and spread widely. In the last week, 8 versions of the worm appeared, and since the beginning of March 12 versions have been discovered.

At the beginning of this week, Symantec announced two new versions: W32.Mytob.R and W32.Mytob.S. Both are considered to have a low level of danger, the same label applied to previous versions of the worm. Still, the company recommends updating security software to prevent threats with a higher level of danger.

The most recent versions of Mytob follow "the program" established by their predecessors: they spread through email messages and, once installed on a system, open several backdoors. The targets belong to the Microsoft Windows user community.

The worm has its own SMTP (Simple Mail Transfer Protocol) engine, which it uses to automatically forward itself to all email addresses found on the system. The level of danger increases because the worm also exploits a Local Security Authority Service remote buffer overflow vulnerability in Windows, a flaw that has already been fixed by one of Microsoft's security patches.

These latest versions of the Mytob worm try to block the user from accessing updates from the main security companies, Symantec and McAfee, as well as from Microsoft.

The 13 versions of the worm look alike, with one exception: W32.Mytob.Q, discovered by Symantec over the weekend. This version includes another worm, W32.Pinfi, but that one is not considered dangerous either.