"Net-Worm.Win32.Mytob.bi" not recognized by Avast!

Hello all,

Just found out that the virus “Net-Worm.Win32.Mytob.bi” is not identified by Avast Managed Client 4.6.635 with VPS 525-3. The virus identification was made using Kaspersky’s online scanner.

The virus is distributed as a zipped e-mail attachment, disguised as a support mail from “admin@domain” - the same old “trick”… :wink:

I’ve submitted a notification about this to virus@avast.com.

Regards,

JS.

Now I not sure if Avast Managed Client is on the same version numbering as the Home/Pro version but the latest version for Home/Pro is 4.6.665, so you should check for a program update.

The same goes for the VPS which does appear to be the current one.

The Virus Identification being made by another AV may well throw up a different name as there is no standardisation of naming. But I’m sure that it will be checked and added to the VPS.

Hello DavidR,

Here is a very interesting link to go compare the naming of similar viruses with the various AV products:
http://viruspool.vanderkooij.org/
Enjoy his viruspool,

greets,

polonus

It’s not the same - the two versions (pro/home and netclient) are distributed independently. However, both my client and VPS versions are indeed up-to-date…

You’re absolutely right, but as long as Avast! doesn’t detect the thing, I don’t know what else to call it. Let’s just hope Avast! get a new VPS out soon!

Interesting link, polonus - thanks!

JS.

New versions of Mytob are emerging every hour:

http://news.bbc.co.uk/1/hi/technology/4080420.stm

Hi jstegmann,

Just the more reason to make sure your e-mail security is OK. Install a program that can check your e-mails at the place where it should be the server of your ISP, not getting them onto your machine, until you know you want them. In the case of such a program feed it with several black lists so they are marked right out. First think, click later. In this case you close the vulnerability window, and unknown viruses won’t reach your inbox. Digital hygiene can save you here.

greets,

polonus

Hi polonus,

thanks for the advice, but we’re actually already using that - it just didn’t catch this one. We have a Barracuda box, which does reverse DNS look-up as well as virus-scanning, spam detection etc. (see www.barracudanetworks.com).

Regards,

JS.

Win32:Mytob-HC [Wrm], Win32:Mytob-HD [Wrm], Win32:Mytob-HE [Wrm] are included in todays update!

Currently there are 222 hits on a search of the avast virus database for ‘mytob’ (without the quotes) although they are not all classed as in the wild.

I have just checked and the w32:mytob-bi [wrm] is in the virus database, so it should now be detected (assuming this is the same one), but when it was added I can’t say.

There are so many variants of Mytob that I’m quite sure the one called “BI” by Kaspersky is called differently by avast!.