New e-mail worm, W32.Mimail, spreading

Antivirus companies warned customers Friday about a new e-mail virus that is spreading on the Internet.

W32.Mimail is a mass mailing e-mail worm the arrives in e-mail in-boxes disguised as an administrative e-mail sent from an organization's own administrator.

Messages use the subject "Your Account" and contain the virus in an executable attachment called "message.zip."

When released, the Mimail virus captures e-mail addresses from a user's hard drive and sends copies of itself out to recipients using a built-in SMTP (Simple Mail Transfer Protocol) engine, according to F-Secure Corp. of Helsinki.

Companies including Symantec Corp., Network Associates Inc., F-Secure and others issued warnings about Mimail on Friday.

Most companies rated the new worm a "medium" level threat, indicating that the worm was infecting customer sites and spreading.

Despite the warnings it is still not clear how quickly, or even whether, Mimail is spreading, according to Vincent Gullotto, senior director at Network Associates' McAfee AVERT Labs.

"The initial numbers look like people are getting hit pretty hard -- maybe even a high alert," Gullotto said.

However, the large number of reports about Mimail may just be evidence of a spam-like initial distribution, or "seeding" of the virus, he said.

That would make Mimail similar to another recent e-mail containing a malicious program, Downloader-DI, he said.

That virus set up a secret back door on infected machines and downloaded instructions from a hacker Web site.

After flooding e-mail in-boxes in an initial spam distribution, however, Downloader-DI died out when other users failed to open the attachment that installed the Trojan program and replicated the message, Gullotto said.

However, the Mimail's spread could also be due to its ability to mask itself as an internal administrative message, tricking users into trusting the message, he said.

In addition, Mimail's malicious code is embedded in a compressed format file, making it difficult for some gateway antivirus products to detect the attack, he said.

While it appears Mimail simply steals e-mail addresses and sends copies of itself out to unsuspecting users, McAfee AVERT is still studying the virus for other malicious activities such as installing Trojan programs that could allow malicious hackers to gain access to the machine at a later date,' Gullotto said.

Antivirus companies, including Network Associates' McAfee antivirus unit, posted updated virus identity files for Mimail Friday and encouraged users to update their antivirus software.

Join the PC World newsletter!

Error: Please check your email address.
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Paul Roberts

IDG News Service

Most Popular Reviews

Follow Us

Best Deals on GoodGearGuide

Shopping.com

Latest News Articles

Resources

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Latest Jobs

Shopping.com

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?