
MyTob.HH

Posted: May 30, 2006

MyTob.HH is a variant of the MyTob worm. It is a mass-mailing worm that uses its own Simple Mail Transfer Protocol (SMTP) engine to send email to addresses that it gathers from files on the infected computer. Upon execution, it drops a copy of itself using the file name taskgmr.exe in the Windows system folder. The email messages it sends have the following message body:

Dear Valued Member,

According to our terms of services, you will have to confirm your e-mail by the following link, or your account will be suspended within 24 hours for security reasons.

http://www.{two random characters}/confirm.php?account={random number}

After following the instructions in the sheet, your account will not be interrupted and will continue as normal.

Thanks for your attention to this request. We apologize for any inconvenience.

Sincerely, {random} Abuse Department

MyTob.HH attaches a copy of itself to the email messages it sends. Executing the attachment turns the system into a launch pad for the worm's further replication.
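A mail-filter heuristic for the message template above, as an added example that is not part of the original write-up: it parses a raw message and flags it only when the lure text and an attachment occur together. The function names, the sample messages and the literal reading of "{two random characters}" as two characters after "www." are assumptions.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage

# Indicators from the message template on this page. The regex reads
# "{two random characters}" literally as two characters after "www."
# (an assumption; loosen it if real samples differ).
URL_RE = re.compile(r"http://www\.[^\s/]{2}/confirm\.php\?account=\d+", re.I)
PHRASES = ("dear valued member", "confirm your e-mail", "abuse department")


def score_message(raw):
    """Report which template indicators a raw RFC 5322 message matches."""
    msg = message_from_string(raw, policy=policy.default)
    part = msg.get_body(preferencelist=("plain", "html"))
    body = part.get_content() if part else ""
    lowered = " ".join(body.lower().split())  # undo line wrapping
    names = [a.get_filename() or "" for a in msg.iter_attachments()]
    hits = {
        "url": bool(URL_RE.search(body)),
        "phrases": [p for p in PHRASES if p in lowered],
        "attachments": names,
    }
    # The page says every message carries a copy of the worm, so require
    # an attachment together with the lure before flagging.
    hits["suspicious"] = bool(names) and (hits["url"] or len(hits["phrases"]) >= 2)
    return hits


def build_sample(body, attachment=None):
    """Build a constructed test message; all values are placeholders."""
    m = EmailMessage()
    m["From"], m["To"] = "sender@example.com", "user@example.org"
    m["Subject"] = "constructed sample"
    m.set_content(body)
    if attachment:
        m.add_attachment(b"placeholder bytes", maintype="application",
                         subtype="octet-stream", filename=attachment)
    return m.as_string()


# Constructed sample bodies (not captured traffic).
LURE = ("Dear Valued Member,\n\nyou will have to confirm your e-mail by the "
        "following link\n\nhttp://www.ab/confirm.php?account=48213\n\n"
        "Sincerely, Example Abuse Department\n")
BENIGN = "Hi,\n\nthe quarterly report is attached.\n"

if __name__ == "__main__":
    for label, raw in (("lure+attachment", build_sample(LURE, "sample.bin")),
                       ("lure only", build_sample(LURE)),
                       ("benign+attachment", build_sample(BENIGN, "report.bin"))):
        print(label, score_message(raw))
```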

File System Modifications

  • The following files were created in the system:
    # File Name
    1 taskgmr.exe
    2 winsvc32.exe