SonicALERT
Search

Sonicwall Signatures

 

Go to All Categories list.


  Mytob.X_4
Mytob.X_4 is a Worm. Worms spread from computer to computer, making copies of themselves over the network. They could spread over email, IM, peer-to-peer networks, or directly over the wire by leveraging vulnerabilities. Mytob.X_4 is compressed using the Embedded_I#157e0 executable packer and its file size is 129,024 bytes. This malware is written in Visual Basic.

It uses the network connection:

  • Looks for an Internet connection.
  • Connects to "l0v3ly4.dynu.net" on port 6668 (TCP).
  • Sends data stream (46 bytes) to remote address "l0v3ly4.dynu.net", port 6668.
  • Connects to IRC Server.
  • IRC: Uses nickname [I]gkfmtyiigspe.

Mytob.X_4 drops the following files on the hard drive:

  • C:\WINDOWS\system32\taskgmr.exe (129024 bytes)
  • C:\funny_pic.scr (129024 bytes)
  • C:\see_this!!.scr (129024 bytes)
  • C:\my_photo2005.scr (129024 bytes)
  • C:\hellmsn.exe (6050 bytes)
It creates the following mutex to ensure only one instance is running: H-E-L-L-B-O-T.


Relevant Information