New E-Mail Worm Inching Across Net

W32.Mimail tricks users by masking itself as an internal administrative message.

Paul Roberts, IDG News Service

Antivirus companies warned customers Friday about a new e-mail virus that is spreading on the Internet.

W32.Mimail is a mass-mailing e-mail worm that arrives in e-mail in-boxes disguised as an administrative e-mail sent from an organization's own administrator.

Messages use the subject "Your Account" and contain the virus in an executable attachment called "message.zip."

When released, the Mimail virus captures e-mail addresses from a user's hard drive and sends copies of itself out to recipients using a built-in SMTP (Simple Mail Transfer Protocol) engine, according to F-Secure of Helsinki.

Companies including Symantec, Network Associates, F-Secure, and others issued warnings about Mimail on Friday.

Most companies rated the new worm a "medium" level threat, indicating that the worm was infecting customer sites and spreading.

High Alert?

Despite the warnings, it is still not clear how quickly, or even whether, Mimail is spreading, according to Vincent Gullotto, vice president of Network Associates' McAfee AVERT Labs.

"The initial numbers look like people are getting hit pretty hard--maybe even a high alert," Gullotto said.

However, the large number of reports about Mimail may just be evidence of a spam-like initial distribution, or "seeding" of the virus, he said.

That would make Mimail similar to another recent e-mail containing a malicious program, Downloader-DI, he said.

The Downloader-DI virus set up a secret back door on infected machines and downloaded instructions from a hacker Web site.

After flooding e-mail in-boxes in an initial spam distribution, however, Downloader-DI died out when other users failed to open the attachment that installed the Trojan program and replicated the message, Gullotto said.

Investigating Effects

Mimail's spread could also be due to its ability to mask itself as an internal administrative message, tricking users into trusting the message, he said.

In addition, Mimail's malicious code is embedded in a compressed format file, making it difficult for some gateway antivirus products to detect the attack, he said.

While it appears Mimail simply steals e-mail addresses and sends copies of itself out to unsuspecting users, McAfee AVERT is still studying the virus for other malicious activities such as installing Trojan programs that could allow malicious hackers to gain access to the machine at a later date, Gullotto said.

Antivirus companies, including Network Associates' McAfee antivirus unit, posted updated virus identity files for Mimail Friday and encouraged users to update their antivirus software.
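
The gateway problem described above, where the code sits inside a compressed attachment, as an added example that is not from the article or from any vendor named in it: a Python check that opens ZIP attachments and reports executable entries instead of judging the attachment by its outer name. The extension list, the addresses and the inner file name `placeholder.exe` are assumptions constructed for the illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed gateway policy, not taken from the article.
RISKY_EXT = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs")

def risky_members(zip_bytes):
    """List entries in a ZIP that a gateway should not pass unexamined."""
    try:
        archive = zipfile.ZipFile(io.BytesIO(zip_bytes))
    except zipfile.BadZipFile:
        return ["<unreadable archive>"]
    hits = []
    for info in archive.infolist():
        name = info.filename.lower()
        if info.flag_bits & 0x1:  # encrypted entry: content cannot be scanned
            hits.append(info.filename + " <encrypted>")
        elif name.endswith(RISKY_EXT):
            hits.append(info.filename)
        elif name.endswith(".zip"):  # archive inside archive: flag, do not unpack
            hits.append(info.filename + " <nested archive>")
    return hits

def scan_message(raw):
    """Map each ZIP attachment's file name to the risky entries inside it."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = {}
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        if zipfile.is_zipfile(io.BytesIO(data)):  # detect by content, not name
            hits = risky_members(data)
            if hits:
                findings[part.get_filename() or "<unnamed>"] = hits
    return findings

def build_sample(inner_name="placeholder.exe"):
    """Constructed, harmless message shaped like the one the article describes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr(inner_name, b"constructed harmless bytes")
    msg = EmailMessage()
    msg["Subject"] = "Your Account"
    msg["From"], msg["To"] = "admin@example.com", "user@example.com"
    msg.set_content("constructed body")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="message.zip")
    return msg.as_bytes()
```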
