Welcome to the Virus Encyclopedia of Panda Security.
It connects to an IRC server and accepts remote commands that are run in the affected computed. It deletes several variants of worms such as Netsky, Sobig, Bagle and Blaster. It spreads via e-mail and across the Internet.
|First detected on:||Feb. 28, 2005|
|Detection updated on:||Feb. 28, 2005|
|Yes, using TruPrevent Technologies
Mytob.A is a worm with backdoor characteristics. It connects to the server irc.blackcarder.net and accepts remote commands that are run in the affected computed, which allows hackers to gain remote control over it.
In addition to this, Mytob.A deletes several variants of worms such as Netsky, Sobig, Bagle and Blaster.
Mytob.A uses different means to spread:
- It spreads via e-mail in a message with variable characteristics.
- It exploits the LSASS vulnerability to spread across the Internet.
If you have a Windows XP/2000 computer, it is highly recommendable to download the security patch for the LSASS vulnerability from the Microsoft website.
Mytob.A is difficult to recognize, as it does not display any messages or warnings that indicate it has reached the computer.