Your Peace of Mind is our Commitment

Contact Us English Recent Articles

MyTob outbreak leads to old problems

The MyTob worm was first discovered in last February 2005, which was only five months ago, but this worm and its variants have already caused major anti-virus vendors to publish more than four hundred virus alerts. That is about eighty MyTob family virus alerts per month. Trend Micro alone has published 139 such alerts, but only five of them were Medium level, the remainder being as Low level. Symantec has published almost as many, 114, with two ranked as Level 1 and the rest Level 2. Here is the summary (last updated 29th Jun 2005):

VendorTotal Number of AlertsFirst Alert DateLast Variant Reported
Trendmicro13928th Feb 2005WORM_MYTOB.HQ
Symantec11426th Feb 2005W32.Mytob.GK@mm
Sophos891st Mar 2005W32/Mytob-GZ
CA5831st Mar 2005Win32.Mytob.FI
McAfee243rd Mar 2005W32/Mytob.db@MM

As we can see, the last variant reported by different vendors varies a lot. The last variant reported by Trend is HQ. This is the (26*8+17) = 225th variant in only five months!

The naming situation is still confusing. The relevant Trend Micro virus description page for WORM_MYTOB.HQ lists an alias W32.Mytob.EE@mm. However, the Trend Micro page for WORM_MYTOB.EP also lists the alias W32.Mytob.EE@mm. These might both be referring to the variant named EE by Symantec, which Symantec says is called WORM_MYTOB.EP by Trend Micro – or perhaps not. Do the vendors think that users are not confused enough to see so many variants and aliases? Where is the unicorn? ("Hunting the UNICORN", Virus Bulletin May 2004, p.13-16)

More Information