WORM_MIMAIL.H
Overview

Malware type: Worm

Aliases: W32.Mimail.C@mm, W32/Mimail.H@mm, Win32.HLLM.Foo, Mimail.H@mm, Win32:MiMail-E3 [Wrm]

In the wild: No

Destructive: Yes

Language: English

Platform: Windows 95, 98, ME, NT, 2000, XP

Encrypted: No

Overall risk rating:


Reported infections:

Damage potential:

High

Distribution potential:

High

Description: 

This memory-resident worm is proactively detected as WORM_MIMAIL.GEN.

It propagates via email using its own Simple Mail Transfer Protocol (SMTP) engine. It sends the following email:

From: john@<recipient's domain name>
Subject: don't be late <random string>
Message Body: Will meet tonight as we agreed, because on Wednesday I don't think I'll make it,
so don't be late. And yes, by the way here is the file you asked for. It's all written there. See you.
<random string>
Attachment: readnow.zip
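
The three message traits listed above can be matched at a mail gateway or when triaging a mailbox. The following Python sketch is an added example, not code from this advisory or from Trend Micro; the function names, the example.com sample addresses, and the rule that all three traits must match are assumptions.

```python
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser
from email.utils import getaddresses, parseaddr

ALL_INDICATORS = {"from", "subject", "attachment"}

def split_addr(addr):
    """Return (local part, domain), lowercased; empty strings if malformed."""
    local, _, domain = addr.rpartition("@")
    return local.lower(), domain.lower()

def mimail_h_indicators(raw):
    """Return which of the three traits listed above a raw RFC 5322 message shows."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    hits = set()
    local, sender_domain = split_addr(parseaddr(str(msg.get("From", "")))[1])
    headers = msg.get_all("To", []) + msg.get_all("Cc", [])
    rcpt_domains = {split_addr(a)[1] for _, a in getaddresses([str(h) for h in headers]) if a}
    # The worm forges john@<recipient's domain>, so compare against recipients.
    if local == "john" and sender_domain in rcpt_domains:
        hits.add("from")
    # Collapse whitespace so folded headers still match; a random string follows.
    subject = " ".join(str(msg.get("Subject", "")).split()).lower()
    if subject.startswith("don't be late"):
        hits.add("subject")
    # walk() also reaches attachments nested inside multipart containers.
    if any((p.get_filename() or "").lower() == "readnow.zip" for p in msg.walk()):
        hits.add("attachment")
    return hits

def looks_like_mimail_h(raw):
    # Assumption: require all three traits to keep false positives low.
    return mimail_h_indicators(raw) == ALL_INDICATORS

def build_sample(sender, rcpt, subject, filename=None):
    """Constructed test message; the attachment is an empty ZIP archive."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, rcpt, subject
    m.set_content("constructed body")
    if filename:
        m.add_attachment(b"PK\x05\x06" + bytes(18), maintype="application",
                         subtype="zip", filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    worm = build_sample("john@example.com", "alice@example.com",
                        "don't be late qwzrtx", "readnow.zip")
    print(sorted(mimail_h_indicators(worm)), looks_like_mimail_h(worm))
```

A partial match, such as the forged sender alone, is worth logging but is too common a pattern to block on by itself.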

This worm attacks the following sites:

  • www.spamhaus.org
  • www.spews.org

It runs on Windows 95, 98, ME, NT, 2000, and XP.


Description created: Nov. 3, 2003 2:06:50 AM GMT -0800
Description updated: Nov. 4, 2003 11:27:48 AM GMT -0800
