Full Disclosure mailing list archives

mimail trojan horses [WAS: Re: Fwd: YOUR PAYPAL.COM ACCOUNT EXPIRES]


From: Gadi Evron <ge () linuxbox org>
Date: Fri, 14 Nov 2003 11:12:32 -0800

Actually the answer just came right now:
http://www.sophos.com/virusinfo/analyses/w32mimaili.html

W32/Mimail-I is a worm which spreads via email using addresses harvested from the hard drive of your computer. All email addresses found on your PC are saved in a file named el388.tmp in the Windows folder. In order to run itself automatically when Windows starts up the worm copies itself to the file svchost32.exe in the Windows folder and adds the following registry entry:

Mimail has been making rounds for a while now. I doubt it's the last variant we'll see.
The author sure is consistent though.
--
      Gadi Evron,
      ge () linuxbox org.

The Trojan Horses Research mailing list - http://ecompute.org/th-list

My resume (Hebrew) - http://vapid.reprehensible.net/~ge/resume.rtf

PGP key for ge () linuxbox org -
http://vapid.reprehensible.net/~ge/Gadi_Evron.asc
Note: this key is used mainly for files and attachments, I sign email messages using:
http://vapid.reprehensible.net/~ge/Gadi_Evron_sign.asc


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
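A host triage check for the W32/Mimail-I artifacts named in the Sophos description above (svchost32.exe and el388.tmp in the Windows folder), added here as an example; it is not part of the original post or of Sophos's analysis. Because the post does not reproduce the registry entry, the check assumes an autorun-style value launching svchost32.exe; the Windows folder and run-key dump it scans are constructed.

```python
# Added example: triage for the W32/Mimail-I artifacts described in the post.
# Assumption: persistence is an autorun-style value (the exact key is not on the
# page), so any autorun command that launches svchost32.exe is flagged.
import os
import tempfile

# File artifacts named in the Sophos description.
ARTIFACTS = ("svchost32.exe", "el388.tmp")


def find_file_artifacts(windows_dir):
    """Return the Mimail-I file artifacts present in windows_dir (case-insensitive)."""
    present = {name.lower() for name in os.listdir(windows_dir)}
    return [a for a in ARTIFACTS if a in present]


def _exe_name(cmd):
    """Extract the bare executable name from a command line (quotes, any path style)."""
    token = cmd.replace('"', "").split()[0] if cmd.strip() else ""
    return token.replace("\\", "/").rsplit("/", 1)[-1].lower()


def find_autorun_artifacts(run_values):
    """run_values maps autorun value name -> command line (constructed dump).
    Flags entries launching svchost32.exe; the genuine Windows service host is
    svchost.exe, so the '32' suffix is the lookalike to watch for."""
    return [name for name, cmd in run_values.items() if _exe_name(cmd) == "svchost32.exe"]


def triage(windows_dir, run_values):
    """Combine both checks into one report dict."""
    return {"files": find_file_artifacts(windows_dir),
            "autorun": find_autorun_artifacts(run_values)}


def demo():
    """Run triage against a constructed Windows folder and a constructed run-key dump."""
    with tempfile.TemporaryDirectory() as d:
        for name in ("notepad.exe", "SVCHOST32.EXE", "el388.tmp", "win.ini"):
            open(os.path.join(d, name), "w").close()
        run = {"SystemBackup": '"' + os.path.join(d, "svchost32.exe") + '"',  # constructed worm entry
               "ctfmon.exe": "C:\\WINDOWS\\system32\\ctfmon.exe"}             # benign entry
        return triage(d, run)


if __name__ == "__main__":
    print(demo())  # {'files': ['svchost32.exe', 'el388.tmp'], 'autorun': ['SystemBackup']}
```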

