Educause Security Discussion mailing list archives
advisory regarding MiMail
From: Doug Pearson <dodpears () INDIANA EDU>
Date: Tue, 4 Nov 2003 12:28:23 -0500
From the DHS/IAIP Open Source report:

November 03, vnunet.com

Destructive MiMail variant hits Web. Antivirus firms have warned of a destructive worm that has just emerged in the wild. The W32/Mimail.c@MM, also known as Mimail.c, is a dangerous worm that bears similarities to W32MiMail@MM. Mimail.c contains its own SMTP engine for constructing messages, and mails itself as a zip or upx attachment. After being executed, Mimail.c e-mails itself out as an attachment with the filename 'Photos.zip'. Target e-mail addresses are harvested from the victim's machine and are written to the file eml.tmp in WinDir.

Users should immediately delete any email containing the following:

1) Subject: Re[2]: our private photos [plus additional spaces then random characters]
2) Attachment: 'photos.zip' (12,958 bytes) which contains 'photos.jpg.exe' (12,832 bytes).

Also, in a bid to make the virus e-mails less conspicuous, the 'From' address of infected outgoing messages may be spoofed with james@(target domain.com) - for example, james () abc com.

Source: http://www.vnunet.com/News/1146971

----
Doug Pearson; Indiana University; dodpears () indiana edu
Phone: 812-855-3846; ViDeNet: 0018128553846
PGP: http://mypage.iu.edu/~dodpears/dodpears_pubkey.asc

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.