Welcome to the Virus Encyclopedia of Panda Security.
It connects to an IRC server in order to receive remote control commands, downloads malware to the affected computer and prevents users from accessing several web pages. It spreads via e-mail, across the Internet and across networks.
First detected on: April 11, 2005
Detection updated on: Nov. 21, 2007
Yes, using TruPrevent Technologies
Mytob.AR is a worm with backdoor characteristics that connects to an IRC server in order to receive remote control commands, such as deleting, downloading and running files.
It downloads other malware to the affected computer, such as a worm detected as Faribot.B and the hacking tool called Rootkit.C.
Additionally, it prevents users from accessing certain web pages belonging to antivirus companies.
Mytob.AR uses different means to spread:
- It spreads via e-mail, in a message with variable characteristics.
- It exploits the LSASS vulnerability to spread across the Internet.
- It attempts to access network shared resources using passwords that are typical or easy to guess.
If you have a Windows XP/2000 computer, it is highly recommended that you download the security patch for the LSASS vulnerability from the Microsoft website.
Mytob.AR is difficult to recognize, as it does not display any messages or warnings that indicate it has reached the computer.