
Destructive MiMail variant hits web

Promise of sexy photos will only give users a headache

Robert Jaques, vnunet.com 03 Nov 2003

Antivirus firms have warned of a 'destructive' worm that has just emerged in the wild.

W32/Mimail.c@MM, also known as Mimail.c, is a dangerous worm that bears similarities to W32/Mimail@MM.

But according to McAfee's Anti-Virus Emergency Response Team (Avert), this variant does not use the Codebase (MS02-015) and MHTML (MS03-014) exploits against Microsoft Windows operating systems that previous variants employed.

Instead, Mimail.c contains its own SMTP engine for constructing messages, and mails itself as a zip or upx attachment.

The symptoms of the virus are relatively easy to spot: infected users may notice excessive activity from their machine, or a possible lag in usage. This can occur from the mass-mailing component or from the secondary actions of the virus as it sends data to a remote site.

After being executed, Mimail.c emails itself out as an attachment with the filename 'Photos.zip'. Target email addresses are harvested from the victim's machine and are written to the file eml.tmp in WinDir.

Testing shows that the worm is overly lax in identifying valid email addresses. As a result, messages are likely to be sent to invalid recipients.

Users should immediately delete any email containing the following:

Subject:
Re[2]: our private photos [plus additional spaces then random characters].

Attachment:
'photos.zip' (12,958 bytes) which contains 'photos.jpg.exe' (12,832 bytes).

Message Body:
Hello Dear!,
Finally, i've found possibility to right u, my lovely girl :)
All our photos which i've made at the beach (even when u're withou ur bh:))
photos are great! This evening i'll come and we'll make the best SEX :)
Right now enjoy the photos.
Kiss, James.

McAfee warned that, in a bid to make the virus emails less conspicuous, the 'From' address of infected outgoing messages may be spoofed with james@(target domain.com) - for example, james@abc.com.
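
An added example, not from the article or from McAfee: a Python check of one raw message for the indicators listed above (the subject prefix, the 'photos.zip' attachment, a double-extension file inside it, and a 'james@' sender at the recipient's own domain). The function names, the list of executable extensions and the example.com addresses are assumptions, the sample message is constructed, and only the zip form of the attachment is handled.

```python
import io
import re
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

SUBJECT_RE = re.compile(r"^Re\[2\]: our private photos\b", re.IGNORECASE)
# Inner file with a decoy extension followed by an executable one (photos.jpg.exe).
DOUBLE_EXT_RE = re.compile(r"\.[a-z0-9]{2,4}\.(exe|scr|pif|com)$", re.IGNORECASE)

def mimail_c_indicators(raw):
    """Return the indicators from the article found in one raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    if SUBJECT_RE.match(str(msg.get("Subject", ""))):
        hits.append("subject")
    # Spoofed sender: local part "james" at the recipient's own domain.
    from_local, _, from_dom = parseaddr(str(msg.get("From", "")))[1].partition("@")
    to_dom = parseaddr(str(msg.get("To", "")))[1].partition("@")[2]
    if from_local.lower() == "james" and from_dom and from_dom.lower() == to_dom.lower():
        hits.append("spoofed_from")
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        # The article writes both 'Photos.zip' and 'photos.zip'; compare case-insensitively.
        if name.lower() == "photos.zip":
            hits.append("attachment_name")
        try:
            with zipfile.ZipFile(io.BytesIO(part.get_payload(decode=True) or b"")) as zf:
                hits += ["double_ext:" + n for n in zf.namelist() if DOUBLE_EXT_RE.search(n)]
        except zipfile.BadZipFile:
            pass  # not a zip archive; nothing to inspect
    return hits

def build_sample(subject, attach_name, inner_name, sender):
    """Constructed test message; the archive holds placeholder text only."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(inner_name, b"placeholder")
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = sender, "user@example.com", subject
    msg.set_content("constructed sample body")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename=attach_name)
    return msg.as_bytes()
```
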

Immediate information and cures for this virus are offered online by a number of antivirus firms, including Network Associates' Avert service.
