The MyTob worm was first discovered in February 2005, only five months ago, but the worm and its variants have already caused major anti-virus vendors to publish more than four hundred virus alerts. That is about eighty MyTob family virus alerts per month. Trend Micro alone has published 139 such alerts, but only five of them were Medium level, the remainder being Low level. Symantec has published almost as many, 114, with two ranked as Level 1 and the rest Level 2. Here is the summary (last updated 29th Jun 2005):
Vendor | Total Number of Alerts | First Alert Date | Last Variant Reported |
---|---|---|---|
Trend Micro | 139 | 28th Feb 2005 | WORM_MYTOB.HQ |
Symantec | 114 | 26th Feb 2005 | W32.Mytob.GK@mm |
Sophos | 89 | 1st Mar 2005 | W32/Mytob-GZ |
CA | 58 | 31st Mar 2005 | Win32.Mytob.FI |
McAfee | 24 | 3rd Mar 2005 | W32/Mytob.db@MM |
As we can see, the last variant reported by different vendors varies a lot. The last variant reported by Trend is HQ. This is the (26*8+17) = 225th variant in only five months!
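The same arithmetic applied to every row of the table, as an added example that is not part of the original article: it pulls the letter suffix out of each vendor's detection name and converts it to a variant count. It assumes, as the calculation above does, that each vendor assigns suffixes in sequence (A to Z, then AA, AB and so on); the function names are illustrative.

```python
import re

# Last variant reported per vendor, copied from the table above.
LAST_VARIANTS = {
    "Trend Micro": "WORM_MYTOB.HQ",
    "Symantec": "W32.Mytob.GK@mm",
    "Sophos": "W32/Mytob-GZ",
    "CA": "Win32.Mytob.FI",
    "McAfee": "W32/Mytob.db@MM",
}

# Family name, a '.' or '-' separator, the letter suffix, then an optional
# '@mm' mass-mailer tag. Case differs between vendors, so match case-blind.
_SUFFIX_RE = re.compile(r"mytob[.\-]([a-z]+)(?:@mm)?$", re.IGNORECASE)


def variant_suffix(detection_name):
    """Return the upper-cased variant suffix of a MyTob detection name."""
    match = _SUFFIX_RE.search(detection_name.strip())
    if match is None:
        raise ValueError(f"no MyTob variant suffix in {detection_name!r}")
    return match.group(1).upper()


def variant_ordinal(suffix):
    """Convert a suffix to its position: A=1 ... Z=26, AA=27, ... HQ=225.

    Assumption: suffixes are handed out sequentially, which makes this a
    bijective base-26 number (there is no zero digit, unlike plain base 26).
    """
    if not suffix:
        raise ValueError("empty suffix")
    position = 0
    for letter in suffix.upper():
        if not "A" <= letter <= "Z":
            raise ValueError(f"unexpected character {letter!r} in suffix")
        position = position * 26 + (ord(letter) - ord("A") + 1)
    return position


def ordinals_by_vendor(names):
    """Map each vendor to the ordinal of the variant name it reported."""
    return {v: variant_ordinal(variant_suffix(n)) for v, n in names.items()}


if __name__ == "__main__":
    ranked = sorted(ordinals_by_vendor(LAST_VARIANTS).items(), key=lambda kv: -kv[1])
    for vendor, ordinal in ranked:
        print(f"{vendor:12} {LAST_VARIANTS[vendor]:18} variant #{ordinal}")
```

Each ordinal counts names within one vendor's own sequence, so equal numbers from two vendors do not imply the same sample.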
The naming situation is still confusing. The relevant Trend Micro virus description page for WORM_MYTOB.HQ lists an alias W32.Mytob.EE@mm. However, the Trend Micro page for WORM_MYTOB.EP also lists the alias W32.Mytob.EE@mm. These might both be referring to the variant named EE by Symantec, which Symantec says is called WORM_MYTOB.EP by Trend Micro – or perhaps not. Do the vendors think that users are not confused enough by so many variants and aliases? Where is the unicorn? ("Hunting the UNICORN", Virus Bulletin, May 2004, pp. 13-16)