W32/Mytob-EM is a mass-mailing worm and backdoor Trojan that can be controlled through the Internet Relay Chat (IRC) network.

W32/Mytob-EM drops a file called hellmsn.exe (detected by Sophos as W32/Mytob-D) in the same location. This component attempts to spread the worm by sending copies through Windows Messenger to all online contacts.

W32/Mytob-EM is capable of spreading through email and through various operating system vulnerabilities such as LSASS (MS04-011).


More information can be found at this Sophos page.