Virus Watch|New Mytob becoming prevalent

Kaspersky Lab Expert
Posted April 18, 15:52  GMT
Tags: Mytob

Early this morning we released an update for Net-Worm.Win32.Mytob.eg.

Since then we've been seeing a clear increase in the number of samples.

This variant doesn't really differ from earlier variants; it's just a very basic Mytob. However, it is spreading, which means that users should be on the lookout.

It spreads via email and contains a limited IRCBot which only has support for basic features such as downloading files.

As is usually the case with Mytob, the email message that brings the worm closes with a statement purporting to be from an antivirus company, saying that no viruses have been found.

This variant is spreading actively, so be smart and don't be fooled.


Virus Watch|New Mytobs, and generic detections

Kaspersky Lab Expert
Posted May 17, 16:12  GMT
Tags: Mytob

We've been seeing a lot of new Mytob variants recently. It's less than three months since we added detection for Mytob.a and already we're well into double figures. In the last day or so we've added detection for Mytob.au (and there's a lot of Mytob.au out there!), Mytob.av and Mytob.aw. If it were not for generic signatures, there would be a lot more!

Generic detection lets us detect multiple variants of the same malware family using a single virus definition ... sometimes tens or even hundreds of threats! The use of hundreds of unpackers within the Kaspersky® antivirus engine has the same effect: re-packed variants are often detected without the need for a new definition.

The downside is that the suffix used to identify some new threats may not match that used by other antivirus vendors. This is especially true for 'successful' threats that spawn large numbers of variants.
