Mail worm goes on global infecting spree

4th August 2003, 04:23 PM
By Robert Jaques and Iain Thomson.

Worm/MiMail.A spreading at an 'alarming' rate, warn antivirus experts

A virulent worm has emerged in the wild and is infecting internet users at an alarming rate, antivirus experts have warned.

Worm/MiMail.A, a mass-mailing internet worm circulating worldwide, attempts to use an exploit in Microsoft Internet Explorer that allows an executable file created by the worm to run on the local computer.

The internet worm spreads through email by using addresses it collects from local files on compromised clients. It arrives with a zip file attachment called 'message.zip', which contains the file 'message.html'.

Using the noted security exploit within Internet Explorer, 'message.html' will produce an executable file and run it.

Steven Sundermeier, vice president of products and services at security firm Central Command, said: "Worm/MiMail.A is spreading globally at an alarming rate.

"Our preliminary virus tracking report shows that US-based computer users are being the hardest hit thus far: at this time, 61 per cent of the confirmed infection reports have originated in the US.

"[The use of] a newer vulnerability within Internet Explorer, as well as creative social engineering, are fuelling the fire for Worm/MiMail.A."

An alert from antivirus company Panda Software added: "It's a malicious code with fast email spreading capability. In order to spread itself the worm uses two Internet Explorer vulnerabilities that Microsoft released patches for some time ago."

The worm arrives through email in the following format:

Subject: your account [account info]

Body: Hello there, I would like to inform you about important information regarding your email address. This email address will be expiring. Please read attachment for details.

Best regards, Administrator
Attachment: message.zip

A patch from Microsoft is available.
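
The message format described above can be turned into a mail-gateway check. The following Python sketch is an added example, not part of the original article or any vendor's tooling; the function names and the sample messages are constructed for illustration. It flags a message whose attachment is named 'message.zip' and whose archive lists 'message.html', reading only the archive's member list without extracting anything.

```python
import email, io, re, zipfile
from email import policy
from email.message import EmailMessage

# Indicators taken from the article's description of the message.
SUBJECT_RE = re.compile(r"^\s*your account\b", re.IGNORECASE)
ATTACHMENT_NAME = "message.zip"
INNER_NAME = "message.html"

def mimail_indicators(raw_bytes):
    """Return the article-described indicators found in one raw message."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    hits = []
    if SUBJECT_RE.search(msg.get("Subject", "") or ""):
        hits.append("subject")
    for part in msg.iter_attachments():
        if (part.get_filename() or "").lower() != ATTACHMENT_NAME:
            continue
        hits.append("attachment-name")
        payload = part.get_payload(decode=True) or b""
        try:
            with zipfile.ZipFile(io.BytesIO(payload)) as zf:
                # Only the member list is read; nothing is extracted or opened.
                members = [n.rsplit("/", 1)[-1].lower() for n in zf.namelist()]
        except zipfile.BadZipFile:
            hits.append("unreadable-zip")  # malformed archive: hold for review
            continue
        if INNER_NAME in members:
            hits.append("inner-html")
    return hits

def should_quarantine(raw_bytes):
    """Quarantine on the attachment name plus a matching or unreadable archive."""
    hits = mimail_indicators(raw_bytes)
    return "attachment-name" in hits and (
        "inner-html" in hits or "unreadable-zip" in hits)

def build_sample(subject, zip_name, inner_name):
    """Constructed test message carrying a harmless placeholder archive."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(inner_name, "<html>placeholder</html>")
    m = EmailMessage()
    m["Subject"], m["From"], m["To"] = subject, "a@example.test", "b@example.test"
    m.set_content("Please read attachment for details.")
    m.add_attachment(buf.getvalue(), maintype="application",
                     subtype="zip", filename=zip_name)
    return m.as_bytes()
```

The subject match is recorded but not required for quarantine, since a subject line is the easiest part of the message for a variant to change.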