W32/Mimail-C

Category: Viruses and Spyware
Protection available since: 31 Oct 2003 00:00:00 (GMT)
Type: Win32 worm
Last updated: 31 Oct 2003 00:00:00 (GMT)
Prevalence:


W32/Mimail-C is a worm that spreads via email using addresses harvested from the hard drive of the infected computer. All email addresses found on the computer are saved in a file eml.tmp in the Windows folder.

The emails sent by the worm have the following characteristics:
Subject line: Re[2]: our private photos <random letters>
Message text:
Hello Dear!

Finaly i've found possibility to right u, my lovely girl :)
All our photos which i've made at the beach (even when u're without ur bh:))
photos are great! This evening i'll come and we'll make the best SEX :)

Right now enjoy the photos.

Kiss, James.
Attached file: photos.zip

W32/Mimail-C spoofs the From field of the sent emails using the email address james@<your domain>.

Photos.zip is a compressed file which contains an executable file named photos.jpg.exe.
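A mail-gateway style check for the message traits listed above (subject line, spoofed james@ sender, zip attachment holding a double-extension executable), as an added example that is not part of the original advisory. The function names, the sample message and the extension sets in the pattern are assumptions made for this sketch.

```python
import io
import re
import zipfile
from email import message_from_bytes
from email.message import EmailMessage
from email.utils import parseaddr

# Subject line given on this page: "Re[2]: our private photos <random letters>"
SUBJECT_RE = re.compile(r"^Re\[2\]: our private photos\b", re.IGNORECASE)
# Document-style extension followed by an executable one; both sets are assumptions.
DOUBLE_EXT_RE = re.compile(
    r"\.(jpe?g|gif|bmp|png|pdf|docx?|txt)\.(exe|scr|pif|com|bat|cmd)$", re.IGNORECASE)


def scan_message(raw: bytes) -> list:
    """Return which traits from the advisory a raw RFC 5322 message shows."""
    msg = message_from_bytes(raw)
    findings = []
    if SUBJECT_RE.search(str(msg.get("Subject", ""))):
        findings.append("subject")
    if parseaddr(str(msg.get("From", "")))[1].lower().startswith("james@"):
        findings.append("from-localpart")
    for part in msg.walk():
        name = part.get_filename() or ""
        if not name.lower().endswith(".zip"):
            continue
        try:
            with zipfile.ZipFile(io.BytesIO(part.get_payload(decode=True) or b"")) as zf:
                members = zf.namelist()
        except zipfile.BadZipFile:
            findings.append(f"unreadable-zip:{name}")  # corrupt or not really a zip
            continue
        findings += [f"double-extension:{name}/{m}" for m in members
                     if DOUBLE_EXT_RE.search(m)]
    return findings


def build_sample(subject="Re[2]: our private photos qwxz",
                 sender="james@example.com", member="photos.jpg.exe") -> bytes:
    """Constructed test message; the archive member is inert placeholder text."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, b"inert placeholder, not a program")
    msg = EmailMessage()
    msg["From"], msg["Subject"] = sender, subject
    msg.set_content("constructed sample body")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="photos.zip")
    return msg.as_bytes()
```

Calling `scan_message(build_sample())` reports all three traits; the double-extension finding is the one to act on by itself, since the subject and sender checks match only this variant's wording.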

While searching for email addresses in files on the local hard drive, W32/Mimail-C attempts to exclude the following extensions from the search:

  • AVI
  • BMP
  • CAB
  • COM
  • DLL
  • EXE
  • GIF
  • JPG
  • MP3
  • MPG
  • OCX
  • PDF
  • PSD
  • RAR
  • TIF
  • VXD
  • WAV
  • ZIP


W32/Mimail-C can launch a denial of service attack against the websites www.darkprofits.com and www.darkprofits.net.

In order to run automatically when Windows starts up, W32/Mimail-C copies itself to the file netwatch.exe in the Windows folder and adds the following registry entry:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\NetWatch32
