Welcome to the Virus Encyclopedia of Panda Security.
It connects to an IRC server in order to receive remote control commands, ends several processes and prevents users from accessing several websites. It spreads via email in a message that contains a link.
|First detected on:||Jan. 8, 2006|
|Detection updated on:||Jan. 12, 2006|
Mytob.ML is a worm with backdoor characteristics that connects to an IRC server and receives control commands, which allow the affected computer to be remotely administrated.
This worm ends processes belonging to several security tools, such as antivirus programs and firewalls, among others. It also ends processes belonging to other malware.
Aditionally, it prevents users from accessing certain web pages, mostly belonging to antivirus companies.
In Windows XP computers, Mytob.ML disables the Internet Connection Firewall (ICF) and the Internet Connection Sharing (ICS).
Mytob.ML spreads via email, in a message that contains a link.
Mytob.ML is easy to recognize, as it reaches the computer in an email message with the following characteristics:
- Subject: one of the following:
Dear Valued Member,
According to our terms of services, you will have to confirm your e-mail by the following link, or your account will be suspended within 24 hours for security reasons.
After following the instructions in the sheet, your account will not be interrupted and will continue as normal.
Thanks for your attention to this request. We apologize for any inconvenience.
Sincerely, Wanadoo Security Department.
- This message contains the following link: