Educause Security Discussion mailing list archives

advisory regarding MiMail


From: Doug Pearson <dodpears () INDIANA EDU>
Date: Tue, 4 Nov 2003 12:28:23 -0500

 From the DHS/IAIP Open Source report:

November 03, vnunet.com — Destructive MiMail variant hits Web. Antivirus firms have warned of a destructive worm that 
has just emerged in the wild. The W32/Mimail.c@MM, also known as Mimail.c, is a dangerous worm that bears similarities 
to W32MiMail@MM. Mimail.c contains its own SMTP engine for constructing messages, and mails itself as a zip or upx 
attachment. After being executed, Mimail.c e-mails itself out as an attachment with the filename 'Photos.zip'. Target 
e-mail addresses are harvested from the victim's machine and are written to the file eml.tmp in WinDir. Users should 
immediately delete any email containing the following: 1) Subject: Re[2]: our private photos [plus additional spaces 
then random characters]; 2) Attachment: 'photos.zip' (12,958 bytes), which contains 'photos.jpg.exe' (12,832 bytes). 
Also, in a bid to make the virus e-mails less conspicuous, the 'From' address of infected outgoing messages may be 
spoofed with james@(target domain.com) - for example, james () abc com.

Source: http://www.vnunet.com/News/1146971



----
Doug Pearson; Indiana University; dodpears () indiana edu
Phone: 812-855-3846; ViDeNet: 0018128553846
PGP: http://mypage.iu.edu/~dodpears/dodpears_pubkey.asc

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/cg/.
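
The indicators quoted in the advisory above (subject prefix, attachment name, executable inside the archive) can be checked at a mail gateway or over a mailbox export. The following is an added example, not part of the original post: the function names are hypothetical, and the sample message is constructed with a harmless text payload.

```python
import email
import io
import re
import zipfile
from email.message import EmailMessage
from email.policy import default

# Indicators taken from the advisory text; matching is case-insensitive.
SUBJECT_RE = re.compile(r"^Re\[2\]: our private photos(\s|$)", re.IGNORECASE)
ATTACHMENT_NAME = "photos.zip"
INNER_NAME = "photos.jpg.exe"

def mimail_c_indicators(raw: bytes) -> list:
    """Return the advisory indicators that a raw RFC 5322 message matches."""
    msg = email.message_from_bytes(raw, policy=default)
    hits = []
    if SUBJECT_RE.match(str(msg.get("Subject", "")).strip()):
        hits.append("subject")
    for part in msg.iter_attachments():
        if (part.get_filename() or "").lower() != ATTACHMENT_NAME:
            continue
        hits.append("attachment-name")
        try:
            with zipfile.ZipFile(io.BytesIO(part.get_payload(decode=True))) as zf:
                names = [n.lower() for n in zf.namelist()]
        except zipfile.BadZipFile:
            continue  # named photos.zip but not a readable archive
        if INNER_NAME in names:
            hits.append("inner-executable")
    return hits

def build_sample(subject: str, inner: str) -> bytes:
    """Constructed test message; the zip member holds harmless text."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(inner, b"harmless placeholder")
    msg = EmailMessage()
    msg["From"] = "james@example.com"   # constructed address
    msg["To"] = "user@example.com"      # constructed address
    msg["Subject"] = subject
    msg.set_content("constructed sample")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="Photos.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    print(mimail_c_indicators(build_sample("Re[2]: our private photos    xqzvk", "photos.jpg.exe")))
```
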
