Sonicwall Signatures


Go to All Categories list.

Mytob.BZ@mm is a Worm. Worms spread from computer to computer, making copies of themselves over the network. They could spread over email, IM, peer-to-peer networks, or directly over the wire by leveraging vulnerabilities. Mytob.BZ@mm is compressed using the PENCRYPT executable packer and its file size is 49,790 bytes. It also changes Windows registry:
  • Creates value "default"="" in key "HKLM\Software\Microsoft\Windows\CurrentVersion\Run".
  • Creates value "default"="" in key "HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices".
It creates the following mutex to ensure only one instance is running: X-B-T-3. It also attempts to acquire the "SeDebugPrivilege" privileges, monitors the list of running processes, is executed every time Windows starts.

Relevant Information