The Mytob worm is making the rounds. In the past four days, the copy of PC-cillin on my main working PC has successfully blocked seven copies of messages containing an infected attachment, and I’ve deleted a few more copies that arrived with corrupted (and therefore harmless) attachments.
But the one that shoed up this morning was hilarious. Like most mass-mailing worms, Mytob scours the infected machine to find e-mail addresses, and it uses the addresses it finds both as the destination and to forge the From: field. So this morning I received an attachment that was, ostensibly, from stephanie@contoso.com.
Anyone who’s worked with Office through the years should recognize the company instantly. Contoso.com is a fake domain registered by Microsoft and used extensively in sample files and product demos for Office and SharePoint. It’s comforting, I suppose, to know that this worm is too stupid to tell a fake domain from the real thing.
Ed Bott 