Lollypop 0 Posted August 4, 2003 New email worm, W32.Mimail, spreading "The initial numbers look like people are getting hit pretty hard" Paul Roberts, BOSTON Antivirus companies are warning customers about a new email virus that is spreading on the internet. W32.Mimail is a mass mailing email worm that arrives in email in-boxes disguised as an administrative email sent from an organisation's own administrator. Messages use the subject "Your Account" and contain the virus in an executable attachment called "message.zip." When released, the Mimail virus captures email addresses from a user's hard drive and sends copies of itself out to recipients using a built-in SMTP (Simple Mail Transfer Protocol) engine, according to F-Secure of Helsinki. Companies including Symantec, Network Associates, F-Secure and others issued warnings about Mimail on Friday. Most companies rated the new worm a "medium" level threat, indicating that the worm was infecting customer sites and spreading. Despite the warnings it is still not clear how quickly, or even whether, Mimail is spreading, according to Vincent Gullotto, senior director at Network Associates' McAfee AVERT Labs. "The initial numbers look like people are getting hit pretty hard -- maybe even a high alert," Gullotto says. However, the large number of reports about Mimail may just be evidence of a spam-like initial distribution, or "seeding" of the virus, he says. That would make Mimail similar to another recent email containing a malicious program, Downloader-DI, he says. That virus set up a secret back door on infected machines and downloaded instructions from a hacker website. After flooding email in-boxes in an initial spam distribution, however, Downloader-DI died out when other users failed to open the attachment that installed the Trojan program and replicated the message, Gullotto says. However, the Mimail's spread could also be due to its ability to mask itself as an internal administrative message, tricking users into trusting the message, he says. In addition, Mimail's malicious code is embedded in a compressed format file, making it difficult for some gateway antivirus products to detect the attack, he says. While it appears Mimail simply steals email addresses and sends copies of itself out to unsuspecting users, McAfee AVERT is still studying the virus for other malicious activities such as installing Trojan programs that could allow malicious hackers to gain access to the machine at a later date,' Gullotto says. Antivirus companies, including Network Associates' McAfee antivirus unit, posted updated virus identity files for Mimail Friday and encouraged users to update their antivirus software. Share this post Link to post Share on other sites
A l t e r E g o 9 Posted August 4, 2003 Thanks for the warning. Share this post Link to post Share on other sites
Yillara Skye 1 Posted August 5, 2003 Thank you Lollypop for the warning! Share this post Link to post Share on other sites
Lollypop 0 Posted August 5, 2003 We think that my hubbies daughter has got it. Her machine kept trying to connect to a web site called " Caos ' and the first sign that anything was wrong. Her machine wouldn't shut down, then the sound went, and it became slower, and slower. It's now useless. And she runs Nortons anti virus Share this post Link to post Share on other sites
wookieofborg 0 Posted August 5, 2003 :lol: I'm the computer repair man for our home.. so I need to know this.. which is the best Virus scanner for finding this virus?? :lol: Share this post Link to post Share on other sites
Lollypop 0 Posted August 5, 2003 I always thought that Nortons was the best, but now i'm not so sure. Share this post Link to post Share on other sites
master_q 0 Posted August 7, 2003 I heard this on the news a few days ago One thing that I make sure is that I'm vigilant on what I open. I also make sure my anti-virus and firewall are up-to-date. That’s really all we can really do - be vigilant & stay update on software that tries to prevent these things from happening. Master Q StarTrek_Master_Q@yahoo.com Share this post Link to post Share on other sites