Re: WORM_MIMAIL.A Anyone have any info on what this does yet?


Welcome to the Virus.Org Mailing List Archive

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

To: Danny <[EMAIL PROTECTED]>
Subject: Re: WORM_MIMAIL.A Anyone have any info on what this does yet?
From: "Scott M. Algatt" <[EMAIL PROTECTED]>
Date: Fri, 1 Aug 2003 14:32:16 -0400 (EDT)
Cc: [EMAIL PROTECTED]
In-reply-to: <[EMAIL PROTECTED]>
Reply-to: "Scott M. Algatt" <[EMAIL PROTECTED]>

SUBJECT: WORM ALERT:  Mimail

This is a very new category 3 (moderate) worm.  It is prevalent within
DLA.

The worm attempts to exploit a vulnerability in Internet Explorer which
allows a script to execute in the local computer.  Systems can be easily
examined to know if the system has been patched by opening Internet
Employer, click on Help, click on About Internet Explorer, and look for
this patch number Q319182 or a monthly IE cumulative patch like Q818529
under Updated Versions.  Remember, MS sends out IE cumulative patches
about every month.  Any IE cumulative patch since this vulnerability
will also include the patch for this specific vulnerability. Systems
will be deemed infected if a user executes the .zip file and their
system does not have this vulnerability patched.

Sender:  (spoofed)
Subject:  your account
Attachment:   message. zip
Body:
Hello there,
I would like to inform you about important information regarding your
email address. This email address will be expiring.
Please read attachment for details.
---
Best regards, Administrator

For further information regarding this worm:
http://www.symantec.com/avcenter/vinfodb.html#threat_list
http://vil.nai.com/vil/default.asp
http://www.trendmicro.com/vinfo/

Symantec's definition files with version number greater than 50801e,
1Aug03
ver 5 will protect against this Worm.  No information is available yet
from
McAfee or TrendMicro.

Download web sites:
http://www.cert.mil
http://securityresponse.symantec.com/
http://wwwmcafeeb2b.com/naicommon/download/dats/find.asp
http://www.trendmicro.com/download/

Name: [EMAIL PROTECTED]
Category: 3
Virus Definitions: August 1, 2003 (US Pacific Time)
Type: Worm
Aliases: WORM_MIMAIL.A [Trend]

Symantec Security Response is currently analyzing a new worm which
spreads
via email. The email will have the following characteristics:

Subject: your account %s
Attachment: message.zip

Note: %s refers to a variable string.

This worm attempts to exploit a vulnerability in Internet Explorer which
allows a script to execute in the Local computer. See the following for
more
information:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS02-015.asp

Additional information will be provided as analysis continues.

Detection will be available in virus definitions of 8/1/2003 with a
version
number greater than 50801e, or August 1, 2003 ver 5.
  ----------
For additional information, visit our website at
http://securityresponse.symantec.com

-- 

Scott M. Algatt

Behold the turtle. He makes progress only when he sticks his neck out.

On Fri, 1 Aug 2003, Danny wrote:

> We are getting flooded with these little puppies, does anyone have any
> additional info on what this thing does once it infects a host?

---------------------------------------------------------------------------
----------------------------------------------------------------------------

References:
- WORM_MIMAIL.A Anyone have any info on what this does yet?
  - From: Danny

Prev by Date: RE: WORM_MIMAIL.A Anyone have any info on what this does yet?
Next by Date: Re: WORM_MIMAIL.A Anyone have any info on what this does yet?
Previous by thread: WORM_MIMAIL.A Anyone have any info on what this does yet?
Next by thread: Re: WORM_MIMAIL.A Anyone have any info on what this does yet?
Index(es):
- Main
- Thread

Copyright (c) Virus.Org 1997-2006.
All Trademarks Acknowledged.
Please view our Terms and Conditions and our Privacy Policy.