Up until recently the most prevalent Virus we have come across this year so far was the Sober.P worm. Today however a new nasty has taken the lead by a significant margin. The Mytob.BZ worm spreads by e-mail and over network sharing using a RPC buffer overrun flaw in Windows. Mytob.BZ opens a back-door to the computer allowing remote control to malicious parties by joining an IRC server. It also e-mails itself to addresses found on the infected computer except those addresses that might be able to do something about it. (like Microsoft, .gov domains and the anti-virus companies as well as several others.) Lastly it blocks access to some security sites and can download and run further malicious software.
This nasty was first found early in May 2005 so most Anti-virus packages can now remove it. If you don’t have a good Anti-virus application, (and if the number of these our mail server stops daily is any indication many do not) then head over to tips.littlehosting.com and grab a free copy of AVG. For more information on Mytob.BZ, see Sophos or Symantec.
