A new batch of Mytob link emails is currently spreading. It uses the same technique as the one posted a while back.
The link which is found on the emails spread by Mytob downloads a file named Confirmation.pif.
This file is actually a Self Extracting Rar archive file containing a malware package.
Some files included are the WORM_MYTOB that spreads the email and a BOT malware.
According to a report made by Mark Toshack of MessageLabs, this new Mytob also installs an adware from http://{blocked}.matcash.com. It is said that the author gets $0.15 each each time the adware program is installed.
The link which is found on the emails spread by Mytob downloads a file named Confirmation.pif.
This file is actually a Self Extracting Rar archive file containing a malware package.
Some files included are the WORM_MYTOB that spreads the email and a BOT malware.
According to a report made by Mark Toshack of MessageLabs, this new Mytob also installs an adware from http://{blocked}.matcash.com. It is said that the author gets $0.15 each each time the adware program is installed.