Mimail-L starts its rounds
By Alun Williams
Posted on 2 Dec 2003 at 11:06
Another variant of the pernicious Mimail worm has been reported in the wild: Mimail-L.
This worm, the variants of which are believed to be the creation of a single author, has previously tried to scan users' financial details, attack anti-spam websites and execute a PayPal-related scam. Indeed, an earlier variant, Mimail-J, was one of the fastest-spreading viruses on the Net in November (see 'New Mimail variant spreading fast').
Graham Cluley, Senior Technology Consultant at Sophos, told us that Mimail-L follows a similar path. Not only does it use the host computer to launch denial-of-service attacks against an anti-spam organisation, but it also tries to collect credit card information. Sophos calculates that 30 per cent of spam is actually sent from hijacked computer resources.
'Spam is ruining many people's experience of the internet,' said Cluley. 'This worm wages war on the anti-spam community, disrupting their attempts to keep the net spam-free. The most likely conclusion is that the writer of this worm is in some way connected with the spamming community.'
'It would be wrong for anyone to present this kind of virus writing activity as a harmless prank - this is clear criminal activity,' he added.
In a sinister twist, it informs the recipient that their credit card has been debited to pay for the child porn CDs they ordered, and that they must send their credit card details to cancel the transaction.
To start automatically with Windows, the worm modifies the Registry and copies itself as svchost.exe into the Windows folder. It spreads via email, using addresses found on the host computer, which it stores in a file named xu298da.tmp, also in the Windows folder.
The Subject field of infected emails is simply 'Re[2]' and the racy message text begins: 'Hi Greg its Wendy
I was shocked, when I found out that it wasn't you but your twin brother!!!'
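As an added illustration (not code from Sophos or from the original article), the two file names given above can be turned into a quick triage check for a Windows folder, for example on a mounted disk image. The function names and the sample directory layout are assumptions constructed for this example; the check relies on the fact that the genuine svchost.exe lives in the System32 subfolder, not in the Windows folder itself.

```python
import os
import tempfile

# File names taken from the article; matching is case-insensitive because
# Windows file names are, while a mounted forensic image on Linux is not.
WORM_COPY = "svchost.exe"       # worm's copy, dropped in the Windows folder itself
ADDRESS_STORE = "xu298da.tmp"   # harvested e-mail addresses, same folder


def triage_windows_folder(windows_dir):
    """Return a sorted list of (indicator, path) findings for one Windows folder.

    Only the top level of windows_dir is inspected: the genuine svchost.exe
    lives one level down in System32, so a copy directly in the Windows
    folder is the anomaly the article describes.
    """
    findings = []
    for entry in os.scandir(windows_dir):
        if not entry.is_file():
            continue
        name = entry.name.lower()
        if name == WORM_COPY:
            findings.append(("svchost.exe outside System32", entry.path))
        elif name == ADDRESS_STORE:
            findings.append(("harvested-address file", entry.path))
    return sorted(findings)


def build_sample_tree(root, infected):
    """Constructed sample layout standing in for a mounted disk image."""
    win = os.path.join(root, "WINDOWS")
    os.makedirs(os.path.join(win, "system32"))
    # Legitimate service host: present on both clean and infected hosts.
    open(os.path.join(win, "system32", "svchost.exe"), "wb").close()
    if infected:
        open(os.path.join(win, "SVCHOST.EXE"), "wb").close()
        open(os.path.join(win, "xu298da.tmp"), "wb").close()
    return win


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for label in ("clean", "infected"):
            win = build_sample_tree(os.path.join(tmp, label), label == "infected")
            print(label, triage_windows_folder(win))
```

A hit is a lead for further analysis, since it rests on file names and location alone.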
You can find more information about Mimail-L on the Sophos website.
See also:
New Mimail variant spreading fast
