Sophos, a British anti-virus company, is getting worried about the new Mimail worm (W32/Mimail-A), a mass-mailing worm which first struck in
the United States on Friday 1st August. Sophos says it “has received many reports of Mimail infections and anticipates the worm could be one of
the biggest of 2003″.
the United States on Friday 1st August. Sophos says it “has received many reports of Mimail infections and anticipates the worm could be one of
the biggest of 2003″.
The Mimail worm arrives in an email claiming to be from the network administrator. Cunningly, it can even spoof the domain name of the business’s email address. For instance, if the recipient’s email address is John.Smith@ABCLimited.com the email would appear to come from admin@ABCLimited.com.
The message suggests that the recipient’s email account will soon expire and urges them to read the attached information. The attachment, called
‘message.zip’, contains an HTML file which is not a message at all – it is a copy of the worm, which scours the user’s hard disk looking for email addresses for its next round of victims.
‘message.zip’, contains an HTML file which is not a message at all – it is a copy of the worm, which scours the user’s hard disk looking for email addresses for its next round of victims.
More information about the Mimail worm can be found at http://www.sophos.com/virusinfo/analyses/w32mimaila.html.