PDA

View Full Version : "Mimail" masquerades as note from IT staff


Gservo
5th August 2003, 12:15 PM
A new self-mailing Windows virus called "Mimail" has proven effective at disguising itself as a message from an IT administrator, and it's rapidly vaulting to the top of Symantec's virus charts. The e-mail worm exploits an Internet Explorer flaw that allows it to execute a script on the infected computer, using the local address book to e-mail copies of itself out to other systems.

W32.Mimail.A@mm is a worm that spreads by email and steals information from a user's machine. The email has the following characteristics:

Subject: your account %s
Attachment: message.zip

NOTE: %s refers to a variable string.


The threat captures information from certain windows on a user's desktop and emails it to specific mail addresses.
This threat takes advantage of known vulnerabilities(MS02-15 an MS03-14). A Microsoft patch is located at: http://www.microsoft.com/windows/ie/downloads/critical/330994/default.asp.
We encourage system administrators to apply the Microsoft patch to prevent infection by this worm.
The worm is packed with UPX.
Virus definitions with a version number of 50801r, also known as August 1, 2003 rev 18, or greater will detect this threat.
more here (http://securityresponse.symantec.com/avcenter/venc/data/w32.mimail.a@mm.html)