Virus
Virus
R E L A T E D   C O N T E N T
Similar articles
KnowledgeBANK
News centre
More from vnunet.com
ADVERTISEMENT

Destructive MiMail variant hits web

Promise of sexy photos will only give users a headache

Robert Jaques, vnunet.com 03 Nov 2003
ADVERTISEMENT

Antivirus firms have warned of a 'destructive' worm that has just emerged in the wild.

The W32/Mimail.c@MM, also known as Mimail.c, is a dangerous worm that bears similarities to W32MiMail@MM.

But according to McAfee's Anti-Virus Emergency Response Team (Avert), this variant does not use the codebase MS02-015 and MHTML (MS03-014) exploits against Microsoft Windows operating systems employed by previous variants.

Instead, Mimail.c contains its own SMTP engine for constructing messages, and mails itself as a zip or upx attachment.

The symptoms of the virus are relatively easy to spot: infected users may notice excessive activity from their machine, or a possible lag in usage. This can occur from the mass-mailing component or from the secondary actions of the virus as it sends data to a remote site.

After being executed, Mimail.c emails itself out as an attachment with the filename 'Photos.zip'. Target email addresses are harvested from the victim's machine and are written to the file eml.tmp in WinDir.

Testing shows that the worm is overly lax in identifying valid email addresses. As a result, messages are likely to be sent to invalid recipients.

Users should immediately delete any email containing the following:

Subject:
Re[2]: our private photos [plus additional spaces then random characters].

Attachment:
'photos.zip' (12,958 bytes) which contains 'photos.jpg.exe' (12,832 bytes).

Message Body:
Hello Dear!,
Finally, i've found possibility to right u, my lovely girl :)
All our photos which i've made at the beach (even when u're withou ur bh:))
photos are great! This evening i'll come and we'll make the best SEX :)
Right now enjoy the photos.
Kiss, James.

McAfee warned that, in a bid to make the virus emails less conspicuous, the 'From' address of infected outgoing messages may be spoofed with james@(target domain.com) - for example, james@abc.com.

Immediate information and cures for this virus are offerd online by a number of antivirus firms, including Network Associates' Avert service.

See also:

MiMail
Mimail mutant maximises Mydoom misery
Double whammy as Mimail.S variant adds to worldwide devastation  30 Jan 2004
Virus
Worm variant targets PayPal users
Credit card harvester 'MiMail I' spreading worldwide  14 Nov 2003
Bug busters: keeping your PC virus free
With more computer viruses reported every day, it may seem like we're fighting a losing battle but there are plenty of simple ways to keep your PC safe from harm. Let us show you how.  29 Oct 2003
Bugwatch: All hail the virus researcher
In praise of unsung antivirus heroes  21 Oct 2003
security
Don't rely on Microsoft AV, warns analyst
Gartner advises companies not to bank on future Windows OS for virus protection  17 Sep 2003
How should virus writers be punished?
Tell us your views  16 Sep 2003
Neil Barrett
Viruses are here to stay
Thanks partly to human nature, we can expect no relief from virus attacks. It may never be safe to lower our guard  09 Sep 2003

All Enterprise Security Technology

Like this story? Spread the news by clicking below:

Post this to Delicious del.icio.us    Post this to Digg Digg this    Post this to reddit reddit!

Permalink for this story

M A R K E T P L A C E
Sponsored links
F E A T U R E D   J O B S
Java, J2EE, Developer, Spring, Hibernate, London, city, Graduat
| Aston Carter
Java, J2EE, Developer, Spring, Hibernate, London, city, Graduate. This is an amazing opportunity to join a successful city based team working at the cutting edge of development. My client is looking for strong Java/J2EE developers ... more >
E-Commerce, Greenfield, Agile, Java, J2EE, , JavaScript, SQL, L
| Aston Carter
E-Commerce, Greenfield, Agile, Java, J2EE, , JavaScript, SQL, London, City Graduate This is an exceptional opportunity for a talented Java, J2EE developer keen to work in a successful development team within arguable the best agile ... more >
2nd Line Support Analyst - London - to£40k
| Rullion Computer Personnel Ltd
2nd Line Support Analyst London £35, 000 to £40, 500 My client is a global market leader in the Internet Applications Industry. The company is continually progressing and looking for areas of growth and this ... more >
Security Solution Architect
| Rullion Computer Personnel Ltd
Security Architect / Information Security Specialist – St Albans - Global Leader - Shine At The Highest Level Security Solution Architect / Information Security Architect required by renowned blue-chip organisation offering the finest security projects ... more >
More job opportunities
Useful links: About us . Privacy policy . Terms & conditions . Site map . Bookmark this site
Consumer Technology websites:
Active Home Product reviews, competitions, news
Computeractive Software reviews, hardware reviews, buyers' guides, workshops, downloads
Gizmodo the daily gadget blog: technology news and reviews
PC Magazine your personal guide to technology
PCW software product reviews, hardware product reviews, buyers' guides, competitions
WebAct!ve what's happening on the web
What PC? helping you purchase the right computer, digital camera, peripherals, gadgets and more
Blogs:
Test Bed The PCW Labs blog, PCW Inter@ctive A reader blog from PCW. Your views, your comments, your say, Windows Watch Keeping an eye on the latest XP % Vista news
Jobs & Recruitment websites:
Accountancy Age Jobs Accountant jobs, jobs in finance, audit jobs, cima jobs, acca jobs, corporate finance jobs, management accounting jobs, finance director jobs, finance recruitment agency directory, Top 50 accountancy firms, accountant salary survey
Computing Careers IT jobs, Programmer jobs, Developer jobs, IT manager jobs, Project manager jobs, SAP jobs, Oracle Jobs, Java Jobs, IT recruitment agency directory, Software engineer jobs
Inquirer Jobs Firmware developer jobs, Electronics engineer jobs
Other titles in the Incisive Media network:
Business Technology websites: BusinessGreen . Computing . Computing Business . CRN . The Inquirer . vnunet.com
Business & Finance websites: Accountancy Age . Best Practice . Financial Director . Management Consultancy
© Incisive Media Ltd. 2009
Incisive Media Limited, Haymarket House, 28-29 Haymarket, London SW1Y 4RX, is a company registered in the United Kingdom with company registration number 04038503