
Sophos is urging UK firms to take immediate action against the
new Mimail worm (W32/Mimail-A), a mass-mailing virus which first
struck in the United States on Friday 1 August. Sophos has received
many reports of Mimail infections and anticipates the worm could be
one of the biggest of 2003.
Sophos's UK customer support team has seen a heavy increase in
the number of reported infections since UK businesses reopened on
Monday 4 August. This suggests that employees came to work on
Monday morning and opened the offending email, which claims to be
from their IT department, causing it to propagate to all their
email contacts.
"The Mimail worm is getting a second lease of life as UK
businesses log on to start a new working week," said Graham Cluley,
senior technology consultant, Sophos Anti-Virus. "While US firms
have been patching their systems against this threat, their UK
counterparts have been enjoying a sunny weekend, blissfully unaware
that a virus is sitting on their email system just waiting to be
unleashed. Businesses need to seriously consider switching to
automatic anti-virus updates which can be pushed out proactively as
soon as a new virus hits."
The Mimail worm arrives in an email claiming to be from the
network administrator. Cunningly, it can even spoof the domain name
of the business's email address. For instance, if the recipient's
email address is John.Smith@ABCLimited.com the email would appear
to come from admin@ABCLimited.com.
The message suggests that the recipient's email account will
soon expire and urges them to read the attached information. The
attachment, called 'message.zip', contains an HTML file which is
not a message at all - it is a copy of the worm, which scours the
user's hard disk looking for email addresses for its next round of
victims.
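The traits described above (a sender of admin@ the recipient's own domain, and an attachment named message.zip holding an HTML file) can be checked at a mail gateway. The following is an added example, not Sophos code: the function names, the quarantine policy and the sample messages (including the inner file name sample.html) are constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes
from email.message import EmailMessage
from email.utils import parseaddr

def build_sample(sender, recipient, zip_name, inner_name):
    """Build a harmless test message (constructed sample, not a real capture)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(inner_name, "<html><body>placeholder</body></html>")
    msg = EmailMessage()
    msg["From"], msg["To"] = sender, recipient
    msg["Subject"] = "constructed sample"
    msg.set_content("Your account will expire soon; see the attachment.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename=zip_name)
    return msg.as_bytes()

def mimail_traits(raw):
    """Return which of the described traits a raw RFC 5322 message matches."""
    msg = message_from_bytes(raw)
    traits = set()
    local, _, from_dom = parseaddr(msg.get("From", ""))[1].lower().rpartition("@")
    to_dom = parseaddr(msg.get("To", ""))[1].lower().rpartition("@")[2]
    # Sender claims to be "admin" at the recipient's own domain.
    if local == "admin" and from_dom and from_dom == to_dom:
        traits.add("admin-at-recipient-domain")
    for part in msg.walk():
        if (part.get_filename() or "").lower() != "message.zip":
            continue
        traits.add("message.zip")
        try:
            # List archive members only; nothing is extracted or opened.
            with zipfile.ZipFile(io.BytesIO(part.get_payload(decode=True))) as zf:
                if any(n.lower().endswith((".htm", ".html")) for n in zf.namelist()):
                    traits.add("html-in-zip")
        except zipfile.BadZipFile:
            traits.add("unreadable-zip")
    return traits

def should_quarantine(raw):
    # Assumed policy: the sender pattern alone would also match genuine
    # internal admin mail, so require the attachment name as well.
    return {"admin-at-recipient-domain", "message.zip"} <= mimail_traits(raw)
```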
"Mimail's author has gone to great lengths to disguise his code
as a legitimate email," continued Cluley. "However Mimail's text
does leave a vital clue that it is a rogue email - business email
accounts don't usually expire in this way. Users need to think
carefully before they launch any attachment, even if it does appear
to come from a bona fide email address."
The Mimail worm works by exploiting an old vulnerability in the
Microsoft operating system. A patch against this vulnerability has
been available to download for months. Once the patch is applied,
networks will be immune to infection by Mimail.