Mimail Worm Appears to Come from User's Own Administrator
By Scott Bekker
Anti-virus vendors released a flurry of warnings over the weekend about a new e-mail worm called Mimail that is spreading in the wild. Symantec rated the virus as a 3 on its threat scale, a medium ranking that puts Mimail below only Bugbear on its current list of top virus threats.
Several vendors have published removal tools. Symantec's is available here.
Mimail arrives as an e-mail with "your account" in the subject line and an attachment called message.zip. The message appears to come from the e-mail address "admin" within the user's own domain.
When run, the attachment copies an executable to the hard drive, adds itself to the registry so that it runs at startup, and collects e-mail addresses from files all over the computer. It uses its own SMTP server to spread by e-mail, and it captures text from specific windows and sends it to e-mail addresses contained within the worm.
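The message traits reported above (subject, attachment name, and an "admin" sender inside the recipient's own domain) can be checked at a mail gateway or over a mailbox export. The Python below is an added example, not code from the article or from any vendor; the function names, the example.com and example.net addresses, and the sample messages are constructed for illustration.

```python
from email import message_from_string
from email.message import EmailMessage
from email.utils import parseaddr

SUBJECT = "your account"      # subject text reported in the article
ATTACHMENT = "message.zip"    # attachment name reported in the article
SENDER_LOCAL = "admin"        # spoofed sender local part reported in the article

def _split(addr):
    """Return (local, domain) in lower case; domain is '' if there is no '@'."""
    local, at, domain = addr.rpartition("@")
    return (local.lower(), domain.lower()) if at else ("", "")

def mimail_traits(raw):
    """List which of the three reported traits a raw RFC 5322 message shows."""
    msg = message_from_string(raw)
    s_local, s_dom = _split(parseaddr(str(msg.get("From", "")))[1])
    _, r_dom = _split(parseaddr(str(msg.get("To", "")))[1])
    names = [(part.get_filename() or "").lower() for part in msg.walk()]
    hits = []
    if SUBJECT in str(msg.get("Subject", "")).lower():
        hits.append("subject")
    if ATTACHMENT in names:
        hits.append("attachment")
    # "admin" at the recipient's own domain: the header is easy to forge,
    # so treat it as one signal among three, not as proof of origin.
    if s_local == SENDER_LOCAL and s_dom and s_dom == r_dom:
        hits.append("sender")
    return hits

def verdict(raw):
    """Quarantine on all three traits, flag for review on two, else pass."""
    n = len(mimail_traits(raw))
    return "quarantine" if n == 3 else "review" if n == 2 else "pass"

def _sample(sender, rcpt, subject, filename):
    """Build a constructed test message with an empty (harmless) zip attached."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, rcpt, subject
    m.set_content("constructed test body")
    m.add_attachment(b"PK\x05\x06" + b"\x00" * 18, maintype="application",
                     subtype="zip", filename=filename)
    return m.as_string()

SUSPECT = _sample("admin@example.com", "alice@example.com", "your account", "message.zip")
PARTIAL = _sample("admin@example.net", "alice@example.com", "Your account", "message.zip")
BENIGN = _sample("bob@example.com", "alice@example.com", "Q3 figures", "report.zip")

if __name__ == "__main__":
    for name, raw in (("SUSPECT", SUSPECT), ("PARTIAL", PARTIAL), ("BENIGN", BENIGN)):
        print(name, mimail_traits(raw), verdict(raw))
```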
Scott Bekker is editor in chief of Redmond Channel Partner magazine.