Mytob worm picks up phishing trick

The creators of recent Mytob worm variants have borrowed tricks from phishers to infect more computer users, security experts are warning.

The latest Mytob attacks send out an e-mail message that contains a fake URL pointing to a Web site that hosts the malicious worm code, security company Sophos said Wednesday. Previously, the worm propagated as an attachment in the message itself. Once the worm was downloaded, it installed a backdoor on a PC and used its own e-mail engine to forward itself to addresses gathered from the infected computer.

Related feature
Have you been phished?

Check here to see whether an e-mail that appears to be from your bank or an online merchant is actually an attempt to defraud you.

The messages sent out with recent Mytobs masquerade as legitimate e-mail from the recipient's IT department or Internet service provider. They include references to the recipient's domain name and e-mail address to add legitimacy. Recipients are told that a security problem has been found with their account and that they should click on the link to confirm the account.

Graham Cluley, a senior technology consultant for Sophos, said the e-mail could cause problems for IT departments, as recipients will unwittingly click on links, thinking they are following legitimate instructions from their IT department.

"By using this disguise, new versions of the Mytob worm attempt to lure the unwary into clicking on a dangerous Web link," Cluley said in a statement. "This is a real headache for IT departments, who often struggle to get their users to follow instructions. In this case, following the advice of the e-mail would be a very bad idea."

Typically, phishing scams try to fool recipients into believing that an e-mail has come from their bank or other trusted provider, in an attempt to lure them to a fake Web site where the targets are asked to disclose their account details.

Ingrid Marson of ZDNet UK reported from London.