Sophos

2 December 2003

Adult Mimail-L worm wages war on anti-spam websites, Sophos comments

The Mimail-L worm arrives as a smutty email

Sophos, a world leader in protecting businesses against viruses and spam, has revealed that a new variant of the Mimail worm attempts to knock anti-spam websites off the internet, and may have been written by a spammer.

The W32/Mimail-L worm spreads via an extremely graphic email claiming to come from a woman called Wendy, remembering an erotic encounter and offering naked photographs. If the worm is activated by an unsuspecting user, it forwards itself on to other email users, and can force unwitting computers to launch a denial of service (DoS) attack against websites run by organisations who fight spam.

"Almost everybody recognises that spam is ruining many people's experience of the internet. This worm wages war on the anti-spam community, disrupting their attempts to keep the net spam-free. The most likely conclusion is that the writer of this worm is in some way connected with the spamming community," said Graham Cluley, senior technology consultant for Sophos. "It would be wrong for anyone to present this kind of virus writing activity as a harmless prank - this is clear criminal activity."

Emails sent by the worm begin with the following message, and have an attached ZIP file containing the worm:

Hi Greg its Wendy.

I was shocked, when I found out that it wasn't you but your twin brother!!! That's amazing, you're as like as two peas. No one in bed is better than you Greg. I remember, I remember everything very well, that promised you to tell how it was, I'll give you a call today after 9.

[The rest of the message degenerates into pornography]

If, for any reason, the worm fails to send the above message correctly, it sends an alternative email (without a viral attachment) claiming that the recipient's credit card details have been debited, and that a selection of child porn CDs will be delivered via the post. In a further attack on the anti-spam community, users are given an email address at an anti-spam organisation if they wish to cancel the orders for the illegal and offensive material.

Anti-spam websites on the virus's list for a denial of service attack include those operated by SpamCop, SPEWS and The Spamhaus Project. Other websites targeted include Disney's Go website.

Other variants of the Mimail worm which are spreading widely on the internet pose as "private photos" taken at the beach. These variants target a number of different websites with denial of service attacks.
