Slew Of Mytob Worms Strike

The eight -- dubbed Mytob.j through Mytob.s with some final letter designations skipped -- are mass-mailed worms that spread by sending themselves to addresses they find on the target Windows PC. They can also spread, said Symantec, by exploiting the LSASS vulnerability in Windows. That bug, first disclosed in an April 2004 security bulletin, http://www.microsoft.com/technet/security/bulletin/ms04-011.mspx has been patched by Microsoft. Still, it remains a favorite target of hackers, who continue to find unpatched systems.

Mytob also tries to prevent infected machines from reaching security update sites -- such as those operated by Symantec, Sophos, McAfee, and Microsoft -- by changing the PC's Hosts file.

The worm comes with a variety of subject headings and attached file names and formats, but it often appears with the subjects of "Mail Transaction Failed" and "Error."

All of the Mytob copycats have been labeled with a "2" warning level by Symantec, which uses a 1 through 5 system.

Two new variations -- Mytob.r and Mytob.s -- had appeared by mid-morning Monday, following one on Sunday, three last Friday, and two last Thursday.