Mytob worm turns to phishing

New variants of the Mytob worm are using a phishing-style email to trick users into downloading malicious code from a Web site

IT security experts warned on Wednesday that the creators of the latest variants of the Mytob worm have borrowed tricks from phishers to infect more computer users.

Until now, the Mytob worm propagated as an email attachment. Once the worm was downloaded, it installed a backdoor and used its own email engine to forward itself to addresses that it gathered from infected computers. The latest versions of the worm send out emails that contain a faked Web link pointing to a site that hosts the worm code, according to security company Sophos.

The emails masquerade as a legitimate email from the recipient's IT department or Internet service provider, and include references to the recipient's domain name and email address to give the message more legitimacy. Recipients are told that a security problem has been found with their account and they should click on the link to confirm the account.

Graham Cluley, a senior technology consultant for Sophos, said the email could cause problems for IT departments, as recipients will unwittingly click on links, thinking they are following legitimate instructions from their IT department.

"By using this disguise new versions of the Mytob worm attempt to lure the unwary into clicking on a dangerous web link," said Cluley in a statement. "This is a real headache for IT departments who often struggle to get their users to follow instructions. In this case, following the advice of the email would be a very bad idea."

Typically, phishing emails try to fool email users into believing that the message comes from their bank, in an attempt to lure them to a fake Web site where they will disclose their account details.
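A mail-filter check for the faked link described above, as an added example that is not part of the original article or of any Sophos tooling. It assumes the link is faked by showing one host in the visible text while the href points to another; the sample message, addresses and function names are constructed for illustration.

```python
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample modelled on the lure described above (not a captured message).
SAMPLE = """From: support@example.com
To: alice@example.com
Subject: Account confirmation
Content-Type: text/html; charset="utf-8"

<p>Dear alice@example.com, a security problem was found with your account.</p>
<a href="http://203.0.113.7/confirm.php">http://www.example.com/confirm.php</a>
<a href="http://www.example.com/help">Help desk</a>
"""

class AnchorCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.anchors, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.anchors.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(value):
    """Lower-cased hostname of a URL-like string, or '' if it is not one."""
    if not value or any(c.isspace() for c in value):
        return ""
    host = urlparse(value if "://" in value else "http://" + value).hostname or ""
    return host.lower() if "." in host else ""

def deceptive_links(raw_message, recipient):
    """Anchors whose visible text names one host while the href goes to another."""
    body = message_from_string(raw_message, policy=policy.default).get_body(("html",))
    if body is None:
        return []
    collector = AnchorCollector()
    collector.feed(body.get_content())
    domain = recipient.rsplit("@", 1)[-1].lower()
    return [{"shown": s, "actual": a,
             "imitates_recipient_domain": s == domain or s.endswith("." + domain)}
            for s, a in ((host_of(t), host_of(h)) for h, t in collector.anchors)
            if s and a and s != a]
```

A finding with `imitates_recipient_domain` set corresponds to the case the article highlights, where the message borrows the recipient's own domain to look like it came from their IT department.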