W32/Mytob-AN is a mass-mailing worm and backdoor Trojan that can be controlled through the Internet Relay Chat (IRC) network. W32/Mytob-AN is capable of spreading through email and through various operating system vulnerabilities such as LSASS (MS04-011). Email sent by W32/Mytob-AN has the following properties:

Subject line:
document
Good day
Mail Delivery System
Mail Transaction Failed
message
readme
Server Report
Status

Message text:
'This is a multi-part message in MIME format.'
'Mail transaction failed. Partial message is available.'
'The message contains Unicode characters and has been sent as a binary attachment.'
'The message cannot be represented in 7-bit ASCII encoding and has been sent as a binary attachment.'
'The original message was included as an attachment.'
'Here are your banks documents.'


The attached file consists of a base name followed by one of the extensions PIF, SCR, EXE, CMD or ZIP. The worm may optionally create double extensions where the first extension is DOC, TXT or HTM and the final extension is PIF, SCR, EXE, CMD or ZIP. W32/Mytob-AN harvests email addresses from files on the infected computer and from the Windows address book.
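
A mail-gateway style check for the subject lines and attachment naming described above, as an added example that is not part of the original advisory or any Sophos tooling. The function names, the verdict policy (block on a double extension, quarantine on a listed subject plus a listed extension) and the sample messages are assumptions constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Indicators taken from the description above (compared case-insensitively).
SUBJECTS = {"document", "good day", "mail delivery system",
            "mail transaction failed", "message", "readme",
            "server report", "status"}
FINAL_EXT = {"pif", "scr", "exe", "cmd", "zip"}
DECOY_EXT = {"doc", "txt", "htm"}

def classify_attachment(filename):
    """Return 'double', 'single' or None for an attachment file name."""
    parts = [p.strip() for p in filename.strip().lower().split(".")]
    if len(parts) < 2 or parts[-1] not in FINAL_EXT:
        return None
    if len(parts) >= 3 and parts[-2] in DECOY_EXT:
        return "double"   # e.g. name.txt.pif
    return "single"       # e.g. name.scr

def inspect_message(raw):
    """Score one raw RFC 5322 message; the verdict policy is an assumption."""
    msg = message_from_bytes(raw, policy=policy.default)
    subject_hit = str(msg["Subject"] or "").strip().lower() in SUBJECTS
    kinds = [classify_attachment(name) for part in msg.walk()
             if (name := part.get_filename())]
    if "double" in kinds:
        verdict = "block"        # decoy extension followed by a listed final extension
    elif subject_hit and "single" in kinds:
        verdict = "quarantine"   # listed subject plus listed extension
    else:
        verdict = "pass"
    return {"subject_hit": subject_hit, "attachments": kinds, "verdict": verdict}

def build_sample(subject, filename):
    """Constructed test message; the attachment bytes are a harmless placeholder."""
    m = EmailMessage()
    m["Subject"] = subject
    m.set_content("Mail transaction failed. Partial message is available.")
    m.add_attachment(b"placeholder", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    for subj, name in [("Mail Transaction Failed", "report.txt.pif"),
                       ("Status", "data.zip"), ("Lunch", "menu.txt")]:
        print(subj, name, inspect_message(build_sample(subj, name)))
```

Several of the listed subjects ("message", "Status", "document") are common in legitimate mail, so the subject match is only used here in combination with the attachment extension.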

More information can be found at this Sophos page.