Posted: 04th Aug, 2003 By: Anne
Earlier today a virus warning was posted on NTLs forums (nthellworld.com) regarding an infection spreading through their customers. StevieB posted the first warning about the virus, but was soon followed by other areas having reports. By lunch time it had increased to over 20 in one area alone.
The virus, Mimail, arrived in customer inbox's posing as coming from the sysadmin or ISP, the email warns the customer their email address is about to expire. It has an attachment, a zip file, that when opened releases the virus.
New Virus Warning
Aug 1st, 2003
WORM_MIMAIL.A
Watch out for emails containing the subject "Your Account (random text here). The body contains text telling you your email address is about to expire and asks you to read the attachment for details.
make sure your AV software is up to date.
It's been rated as a Yellow alert. The register has also reported about this virus today .
This file contains an embedded EXE file, when opened in vulnerable versions of Internet Explorer, will drop an executable named foo.exe and run it. More information on the IE MHTML vulnerability used here can be found in an April 2003 advisory by Microsoft.
On infected machines, the virus searches for email addresses on a user's hard drive. Mimail uses its own SMTP server to spread sending copies of the malicious code to email addresses harvested from an infected PCs.
Mimail also has a backdoor component. The virus attempts to send data from a victim's machine to certain email addresses, coded into Mimail.More @ The Register