W32.Mytob.R@mm, formerly W32.Mytob.S@mm, uses its own SMTP email engine to send an email to addresses that it gathers from the Windows Address Book, allowing other users to access the compromised computer.
After installing itself in the registry and modifying data on the hard drive, the worm has the ability to open a back door and spread through the network by exploiting the Microsoft Windows Local Security Authority Service Remote Buffer Overflow.
Both recent Mytob variants appear with the greeting "good day" or "mail transaction failed" in the subject header of the email.
On Monday, Symantec labeled the two new variants with a low or moderate threat rating, and while the security firm is urging users to update their security features, it has also warned that Mytob has the uncanny ability to block compromised computers from accessing security updates, such as ones issued by Symantec and McAfee.
In other news, Symantec issued a warning on the newest variant of the instant messenger worm, W32.Kelvir.J, which spreads through MSN Messenger. Once executed, W32.Kelvir.J sends a message to the user's contacts list with a note saying "quick! see this picture."
Once the user clicks on the link, they are directed to a malicious website and the remote file wtf.scr is downloaded onto the compromised computer. W32.Kelvir can infect Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003 and Windows XP.