Welcome to the Virus Encyclopedia of Panda Security.
It connects to an IRC server in order to receive remote control commands, downloads malware to the affected computer and prevents users from accessing several web pages. It spreads via email, across the Internet by exploiting the LSASS vulnerability and via MSN Messenger.
|First detected on:||May 23, 2005|
|Detection updated on:||Sept. 11, 2006|
|Yes, using TruPrevent Technologies
|Country of origin:||SPAIN|
Mytob.DN is a worm with backdoor characteristics that connects to an IRC server in order to receive remote control commands, such as delete, download and run files.
It downloads other malware to the affected computer, such as the worm detected as Faribot.A.
Aditionally, it prevents users from accessing certain web pages, belonging to antivirus companies.
Mytob.DN uses different means to spread:
- It spreads via email, in a message with variable characteristics.
- It exploits the LSASS vulnerability to spread across the Internet.
- It also spreads via MSN Messenger, using the worm Faribot.A to send copies of itsef.
If you have a Windows XP/2000 computer, it is highly recommendable to download the security patch for the LSASS vulnerability from the Microsoft website.
Mytob.DN is difficult to recognize, as it does not display any messages or warnings that indicate it has reached the computer.