The new method uses a Web link to infect unsuspecting users' computers rather than the previous one where users would have seen an email containing viral attachments.

The new versions of Mytob generate emails which look completely legitimate and seem to come from the recipient's IT department or ISP. The body of the email contains information suggesting that the recipient is currently experiencing a security problem to do with their email account, craftily suggesting that the user should click on the enclosed Web link for solutions or help with the matter.

Users are often advised by their employers not to click on such links as they are blatant scams, however the twist to this link is that it cheekily contains a reference to recipients domain name and even more craftily to their email address making it seem completely legitimate.

Instead of visiting the claimed domain name's Web site, by clicking on the link, recipients will instead visit a different Web site, which will download Mytob onto the email recipient's computer.

What is the damage caused?

Mytob turns off security programs on infected Windows computers and denies access to many popular security Web sites. It also attempts to open a backdoor onto the computer, allowing unauthorised remote hackers to gain access.

How can users protect against these types of attacks?

The answer lies with ArmourPlate which blocks viruses before they get to an organisation's network. ArmourPlate uses three respected anti-virus software suites and its own proprietary technology which detects and stops new viruses that have not yet been discovered.

In short, ArmourPlate works alongside your existing systems to safeguard your company's internal network, preventing it from malicious virus and spam email attacks that can block your systems and cause costly downtime. By both in-bound and out-bound scanning, your business reputation with your staff, customers, partners and peers is protected.

Source: Sophos

BACK TO NEWS MENU

VIEW NEXT ARTICLE