Outbreak Name: Mytob-HJ*
Outbreak Date: 4-19-06
Dangerous Worm Turns Infected Computers into Zombies Outbreak Filters Protects Users 32 hours and 57 minutes Before First Traditional AV Solution
Background
IronPort's Virus Outbreak Filters protects customers within the critical period between the first exploit of a virus outbreak and the release of an AV signature. During the recent Mytob variant outbreak, Outbreak Filters protected customers 32 hours and 57 minutes before traditional AV vendors** provided protection.
Potential Damage from Outbreak
Mytob-HJ is a dangerous worm that spreads by telling users to open an attachment to verify or update account information. Once opened, the virus disables security software and replicates further through network shares and email harvesting.
The virus also opens a backdoor that remote hackers can use to take over the computer, and use it to send spam and host spyware. Remote hackers can also install key loggers and screen scrapers onto the infected PC to steal personal, confidential and financial information without the user's knowledge.
Timeline
* As named by Sophos.
** Calculated as publicly published signatures from the following vendors: Sophos, Trend Micro, Computer Associates, F-Secure, Symantec and McAfee. If signature time is not available, first publicly published alert time is used.
