A worm with demo files

Published April 15, 2005

The Mytob worm is making the rounds. In the past four days, the copy of PC-cillin on my main working PC has successfully blocked seven copies of messages containing an infected attachment, and I’ve deleted a few more copies that arrived with corrupted (and therefore harmless) attachments.

But the one that shoed up this morning was hilarious. Like most mass-mailing worms, Mytob scours the infected machine to find e-mail addresses, and it uses the addresses it finds both as the destination and to forge the From: field. So this morning I received an attachment that was, ostensibly, from stephanie@contoso.com.

Anyone who’s worked with Office through the years should recognize the company instantly. Contoso.com is a fake domain registered by Microsoft and used extensively in sample files and product demos for Office and SharePoint. It’s comforting, I suppose, to know that this worm is too stupid to tell a fake domain from the real thing.

Comments are closed. If you have a question or correction, please contact me on Twitter.

Ed on Twitter

Former Nokia exec @tomiahonen says company was years ahead of Apple until Elop came along. Bizarre read: http://t.co/p1sGCfvd 15 minutes ago
Wilco just got name-checked by POTUS? Whoa. 10 hours ago
My eyes RT @johnmoe What the RT @RandBallsStu: Dear God. RT @sbnation Oh my RT @LookoutLanding: This kid http://t.co/KLssQVSx 10 hours ago
Congrats to @harrymccracken for his new editorial gig RT @gchiemingo TIME is on his side (too easy) 16 hours ago
Google-branded streaming media device coming http://t.co/eyTnRdNQ via @WSJ 17 hours ago

Ed Bott

I write stuff. Mostly about Windows. Sometimes I get paid for it.

A worm with demo files

Search this site

Hosted by A2

Ed @ ZDNet

Ed on Twitter

Meta

Sponsors

Links of Interest