March 30, 2005

Mytob Worm Woes Continue

Symantec on Wednesday confirmed that the e-mail worm Mytob continues to plague the internet. In the last week alone as many as eight variants have been released, bringing the total number of variants to 12 since the beginning of March.

The two latest variants, W32.Mytob.R and W32.Mytob.S, have thus far been classified as mild to moderate threats by Symantec. However, the anti-virus vendor is still advising subscribers to manually update their anti-virus definitions, as the newest versions of the worm also add a text file to a compromised PC, which in turn blocks anti-virus applications from automatically updating.
The two newest versions of Mytob are distributed through mass e-mailing campaigns, utilizing "backdoor" techniques to infect Windows-based systems. Once a system is infected, the worm uses its own SMTP (Simple Mail Transfer Protocol) engine to redistribute itself to e-mail addresses harvested from the infected computer. In addition, Mytob exploits the Local Security Authority Service Remote Buffer Overflow in Windows, a security hole that has already been addressed by Microsoft via Windows Update.
E-mails infected with Mytob generally contain subject headings like "Good Day" or "Mail Transaction Failed", and one variant, called W32.Mytob.Q, also contains another low-level virus, W32.Pinfi.
Symantec has created a removal tool and instructions for users infected with Mytob; you can download it here.
