02 Sep 2003
Mimail email worm still causing problems one month on, says Sophos Anti-Virus

Sophos, a global leader in anti-virus protection for businesses,
has warned computer users that the W32/Mimail-A mass-mailing
worm is still causing problems a month after it was first seen.
The Mimail worm arrives in an email claiming to be from the
user's administrator and suggesting that the user's email account
will shortly expire. It urges the user to read an attached file
called message.zip. If the virus contained within is launched, it
searches the hard drive for email addresses and sends itself on
to them.
"Recent large scale worms such as Blaster, Nachi and Sobig-F, as
well as the arrest of suspected virus writers, have been getting
most of the headlines,"
said Graham Cluley, senior technology consultant for Sophos
Anti-Virus. "But just because you have protection and patches
against those viruses in place does not mean you should lower your
guard against other threats. Practise safe computing and keep your
computer virus-free all year round - not just when the newspapers
are full of virus scare stories."
Sophos has been protecting users against W32/Mimail-A since 1
August 2003.
Sophos offers the following advice to administrators:
- Ensure your anti-virus software is up-to-date, both at the
gateway and the desktop. Prevention is always better than
cure.
- Consider setting up an unattended, automatic anti-virus
updating system such as Sophos Enterprise
Manager.
- If you have a gateway product such as Sophos MailMonitor for SMTP, consider blocking
emails with subject lines starting "your account". W32/Mimail-A
always uses this text.
- If you use Microsoft products for mail and web access, make
sure you have the latest security updates. Microsoft issued a
patch months ago to protect against the
HTML exploit used by this worm. Microsoft has also published
step-by-step instructions for home users
on how to help protect their computers with critical updates.
- IT managers responsible for security should consider
subscribing to vulnerability mailing lists such as that operated by
Microsoft at www.microsoft.com/technet/security/bulletin/notify.asp.
Other vendors offer similar services.
- Never use attachments to disseminate information when plain
text would be sufficient. This will make your users more cautious
when they receive emails such as the ones generated by
W32/Mimail-A.
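The gateway advice above, expressed as a check over a raw message. This is an added example, not Sophos product configuration or code: it flags the two indicators the advisory names (a subject starting "your account" and an attachment called message.zip). The case-insensitive match, the decoding of encoded subjects, and all addresses and sample messages are assumptions constructed for this sketch.

```python
import email
from email import policy
from email.message import EmailMessage

SUBJECT_PREFIX = "your account"   # subject prefix named in the advisory
ATTACHMENT_NAME = "message.zip"   # attachment name named in the advisory

def mimail_indicators(raw: bytes) -> list:
    """Return which of the advisory's indicators a raw message matches."""
    # policy.default unfolds headers and decodes RFC 2047 encoded words,
    # so an encoded subject cannot slip past a plain string comparison.
    msg = email.message_from_bytes(raw, policy=policy.default)
    hits = []
    # Collapse runs of whitespace and ignore case (assumed hardening).
    subject = " ".join(str(msg["Subject"] or "").split()).casefold()
    if subject.startswith(SUBJECT_PREFIX):
        hits.append("subject")
    for part in msg.walk():
        name = (part.get_filename() or "").strip().casefold()
        if name == ATTACHMENT_NAME:
            hits.append("attachment")
            break
    return hits

def build_sample(subject: str, attach: bool) -> bytes:
    """Constructed test message; the attachment is placeholder bytes."""
    m = EmailMessage()
    m["From"] = "admin@example.test"
    m["To"] = "user@example.test"
    m["Subject"] = subject
    m.set_content("constructed sample body")
    if attach:
        m.add_attachment(b"placeholder, not an archive", maintype="application",
                         subtype="zip", filename=ATTACHMENT_NAME)
    return m.as_bytes()

# Constructed message whose subject is hidden in an RFC 2047 encoded word.
ENCODED_SUBJECT = (b"From: admin@example.test\r\nTo: user@example.test\r\n"
                   b"Subject: =?utf-8?q?Your_Account?= abcdefgh\r\n\r\nbody\r\n")

if __name__ == "__main__":
    samples = [("worm-like", build_sample("your account abcdefgh", True)),
               ("encoded", ENCODED_SUBJECT),
               ("benign", build_sample("Re: your account of the meeting", False))]
    for label, raw in samples:
        hits = mimail_indicators(raw)
        print(label, "QUARANTINE" if hits else "deliver", hits)
```

A prefix rule this broad will also hold legitimate mail whose subject begins with the same words, so quarantine for review is a safer action than silent deletion.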
Further reading: Safe computing advice from Sophos.
About Sophos
More than 100 million users in 150 countries rely on Sophos as the best protection against complex threats and data loss. Sophos is committed to providing security and data protection solutions that are simple to manage, deploy and use and that deliver the industry's lowest total cost of ownership. Sophos offers award-winning encryption, endpoint security, web, email, and network access control solutions backed by SophosLabs - a global network of threat intelligence centers. With more than two decades of experience, Sophos is regarded as a leader in security and data protection by top analyst firms and has received many industry awards.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.