Mimail worms launch attacks against anti-spam websites, says Sophos

November 03, 2003 Sophos Press Release

Sophos, a world leader in protecting businesses against viruses and spam, has revealed that new variants of the Mimail worm launch an attack against anti-spam websites.

The W32/Mimail-E and W32/Mimail-H worms spread via email and - if launched by an unsuspecting user - can force unwitting computers to launch a denial of service (DoS) attack against websites run by organisations who fight spam. Websites attacked by the viruses include those operated by SpamCop, SPEWS and The Spamhaus Project.

"These variants of the Mimail worm are attempting to knock these anti-spam resources off the internet - it's a clear attack on everyone who is trying to use internet email for legitimate purposes," said Graham Cluley, senior technology consultant for Sophos. "Are the people who fill everyone's email inboxes with spam also behind these viruses? It's hard to know for certain. But it's clear that these worms are doing nothing to help reduce the problem of unsolicited email."

The worms arrive in the form of an email inviting the recipient to a date or meeting that evening:

Will meet tonight as we agreed, because on Wednesday I don't think I'll make it, so don't be late. And yes, by the way here is the file you asked for. It's all written there. See you.

Sophos has been capable of detecting the W32/Mimail-E worm since Sunday 2 November 2003, and has protected against W32/Mimail-H since Monday 3 November 2003. Other variants of the Mimail worm which are spreading widely on the internet pose as "private photos" taken at the beach. These variants target a number of different websites with denial of service attacks.