OIT Help Desk
Virus and Security Alerts
W32.Mytob
There are many versions of the Mytob worm on the Internet, with more appearing weekly.
Mytob is a set of mass-mailing worms that spread initially through e-mail.
The worm combines the functionality of the MyDoom and SDBot worms. Some variants contain a link to a Web site that uses a flaw in Internet Explorer to download and execute files. The worm then opens a backdoor, on various TCP ports or over IRC, that gives hackers access to the machine. Other variants include a virus-infected attachment.
The Mytob virus (a MyDoom variant) generates e-mails that appear to come from legitimate sources such as support@indstate.edu, administrator@indstate.edu, info@indstate.edu, register@indstate.edu, mail@indstate.edu, and accounts@indstate.edu.
The body of the message may claim that your e-mail account has been sending out spam or that your computer has been infected or compromised.
In many cases, the e-mails will be signed with "The isugw.indstate.edu support team" or "The Indstate Support Team". Please note: We do not send e-mails out with this signature. The worms arrive in e-mail messages with spoofed sending addresses and with a subject line picked from an internal list. The body of the e-mail often contains a link and urges you to click on it. Do not click on the link. To protect yourself, be extremely cautious about opening any attachments to e-mail or clicking on any links.
Here is an example of one of these messages:
From: <info@indstate.edu>
To: <it-help@indstate.edu>
Date: Saturday, October 15, 2005 9:37 PM
Subject: *DETECTED* Online User Violation
Dear Indstate Member,
Your e-mail account was used to send a huge amount of unsolicited
spam messages during the recent week. If you could please take 5-10
minutes out of your online experience and confirm the attached
document so you will not run into any future problems with the
online service.
If you choose to ignore our request, you leave us no choice but to
cancel your membership.
Virtually yours,
The Indstate Support Team
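The indicators described in this alert (a sender address from the forged list, the fake support-team signature, an attachment or a link) can be checked mechanically on a mail gateway or in a mailbox sweep. The following is an added example, not part of the original alert or any OIT tool; the function name and indicator labels are assumptions, and the sample is the message above, shortened.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Forged sender addresses and signatures named in this alert.
SPOOFED_SENDERS = {"support@indstate.edu", "administrator@indstate.edu",
                   "info@indstate.edu", "register@indstate.edu",
                   "mail@indstate.edu", "accounts@indstate.edu"}
FAKE_SIGNATURES = ("the isugw.indstate.edu support team",
                   "the indstate support team")
LINK_RE = re.compile(r"https?://\S+", re.IGNORECASE)

def mytob_indicators(raw_message):
    """Return the alert's indicators found in one raw e-mail message."""
    msg = message_from_string(raw_message)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    has_attachment, texts = False, []
    for part in msg.walk():
        if part.is_multipart():
            continue
        if part.get_filename():          # any named part counts as an attachment
            has_attachment = True
        elif part.get_content_type() == "text/plain":   # HTML parts are not scanned
            data = part.get_payload(decode=True) or b""
            texts.append(data.decode(part.get_content_charset() or "utf-8", "replace"))
    body = " ".join(" ".join(texts).split()).lower()    # undo line wrapping
    checks = [
        ("sender-on-spoofed-list", sender in SPOOFED_SENDERS),
        ("has-attachment", has_attachment),
        ("fake-support-signature", any(s in body for s in FAKE_SIGNATURES)),
        ("contains-link", bool(LINK_RE.search(body))),
    ]
    return [name for name, hit in checks if hit]

# The example message from this alert, body shortened.
SAMPLE = """From: <info@indstate.edu>
To: <it-help@indstate.edu>
Subject: *DETECTED* Online User Violation

Dear Indstate Member,
Your e-mail account was used to send a huge amount of unsolicited
spam messages during the recent week.
Virtually yours,
The Indstate Support Team
"""

if __name__ == "__main__":
    print(mytob_indicators(SAMPLE))
```

A sender match on its own only means the From: line names one of the forged addresses; the signature, which is never used on genuine mail, is the stronger signal.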
General Virus Information
It is common for worms to forge the From: field of an e-mail so that a virus e-mail appears to come from someone you know or even from yourself; you should check with the sender before opening unexpected attachments. If you receive any messages with suspicious attachments, do not open the attachment; instead, delete the message.
It is important to have a virus scanner installed and updated with
the latest virus data files. System scans should be performed often.
In addition to messages containing the worm, you may also receive warnings indicating that a message you sent has been blocked, although you did not send such a message. You may ignore these warnings. It is typical for mass-mailing worms to forge or fake the source information in the e-mails they send.
Please call the OIT Help Desk if you need assistance. We are available at ext. 2910 or via web form:
http://ithelp.indstate.edu/get-help-online.html