Threat level 1
The Internet threat alert status is currently normal. At present, no major epidemics or other serious incidents have been recorded by Kaspersky Lab’s monitoring service.
Threat level 2
The Internet threat alert status is currently raised. At present, a malicious mass mailing or malware sample with previously unknown functionality has been detected.
Threat level 3
The Internet threat alert status is currently high. At present, there is a significant rise in reports of malware that exploits a critical vulnerability in the Windows operating system.
Threat level 4
The Internet threat alert status is currently critical. At present, malware levels are extremely high. Internet usage may be severely disrupted as the epidemic spreads.
04.13.05 08:35 GMT
Status: moderate risk
Kaspersky Lab has raised its threat level to yellow, indicating a medium threat. This is for two reasons.
The first reason is the continuing outbreak caused by the network worm Mytob. The first version of this worm was detected on 26th February 2005. The Mytob family is growing fast - according to our detections, there are now 25 versions of the worm, with 6 new versions being detected between the 9th and 11th April.
Net-Worm.Win32.Mytob.c, which was detected on 1st March, represents a particular threat. Over the past three weeks this worm has headed our virus statistics, making up approximately 30% of all mail traffic. Additionally, six or seven other variants from the Mytob family are present in our Virus Top Twenty, showing that these worms have been propagating steadily, intensifying the outbreak.
Mytob is a modification of the Mydoom source code, but the author has added network worm functionality. This means that the worm can propagate via the LSASS vulnerability. Mytob also has a bot function; this enables a remote malicious user to control infected computers via IRC channels, and to freely access files on the victim machines.
The second reason for the yellow alert is that Microsoft has released details of the latest patches for Windows vulnerabilities. Five of the latest vulnerabilities are rated critical, the highest security rating. If exploits for these vulnerabilities are published, this could lead to a global epidemic. It's extremely likely that virus writers are already researching these vulnerabilities with the aim of producing such malicious code.
All Windows users are strongly recommended to install the latest patches from Microsoft now. The patches can be downloaded from the Microsoft site, which also contains further information.