 |
| The Mimail-L worm arrives as a smutty email |
Sophos, a world leader in protecting businesses against viruses
and spam, has revealed that a new variant of the Mimail worm
attempts to knock anti-spam websites off the internet, and may have
been written by a spammer.
The W32/Mimail-L worm spreads
via an extremely graphic email claiming to come from a woman called
Wendy, remembering an erotic encounter and offering naked
photographs. If the worm is activated by an unsuspecting user it
forwards itself on to other email users, and can force unwitting
computers to launch a denial of service (DOS) attack against
websites run by organisations who fight spam.
"Almost everybody recognises that spam is ruining many people's
experience of the internet. This worm wages war on the anti-spam
community, disrupting their attempts to keep the net spam-free. The
most likely conclusion is that the writer of this worm is in some
way connected with the spamming community," said Graham Cluley,
senior technology consultant for Sophos. "It would be wrong for
anyone to present this kind of virus writing activity as a harmless
prank - this is clear criminal activity."
Email sent by the worm begin with the following message, and an
attached ZIP file containing the worm:
Hi Greg its Wendy.
I was shocked, when I found out that it wasn't you but your
twin brother!!! That's amazing, you're as like as two peas. No one
in bed is better than you Greg. I remember, I remember everything
very well, that promised you to tell how it was, I'll give you a
call today after 9.
[The rest of the message degenerates into pornography]
If, for any reason, the worm fails to send the above message
correctly it sends an alternative email (without a viral
attachment) claiming that the recipient's credit card details have
been debited, and that a selection of child porn CDs will be
delivered via the post. In a further attack on the anti-spam
community users are given an email address at an anti-spam
organisation if they wish to cancel the orders for the illegal and
offensive material.
Anti-spam websites on the virus's list for a denial of service
attack include those operated by SpamCop, SPEWS and The Spamhaus
Project. Other websites targeted include Disney's Go website.
Other variants of the Mimail worm which are spreading widely on
the internet pose as "private photos" taken at the beach. These
variants target a number of different websites with denial of
service attacks.
More than 100 million users in 150 countries rely on Sophos as the best protection against complex threats and data loss. Sophos is committed to providing security and data protection solutions that are simple to manage, deploy and use and that deliver the industry's lowest total cost of ownership. Sophos offers award-winning encryption, endpoint security, web, email, and network access control solutions backed by SophosLabs - a global network of threat intelligence centers. With more than two decades of experience, Sophos is regarded as a leader in security and data protection by top analyst firms and has received many industry awards.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.