Summary

| Affected operating systems | Windows |
|---|---|
| Protection available since | 31 October 2003 13:11:28 (GMT) |
| Detected by | All Sophos products |
Action

Please follow the instructions for removing worms.
Please read the instructions for removing W32/Mimail-C.
More Information
W32/Mimail-C is a worm that spreads via email using addresses harvested from the hard drive of the infected computer. All email addresses found on the computer are saved in a file eml.tmp in the Windows folder.
The emails sent by the worm have the following characteristics:
Subject line: Re[2]: our private photos <random letters>
Message text:
Hello Dear!
Finaly i've found possibility to right u, my lovely girl :)
All our photos which i've made at the beach (even when u're without ur bh:))
photos are great! This evening i'll come and we'll make the best SEX :)
Right now enjoy the photos.
Kiss, James.
Attached file: photos.zip
W32/Mimail-C spoofs the From field of the sent emails using the email address james@<your domain>.
Photos.zip is a compressed file which contains an executable file named photos.jpg.exe.
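The email traits listed above can be checked at a mail gateway. The following is an added example, not Sophos detection logic: it flags the subject prefix, the spoofed james@ sender, and a zip attachment whose member hides an executable behind a document extension. The function names, the extension sets in the regex, and the reading of <your domain> as the recipient's domain are assumptions of this example; the sample message is constructed.

```python
import io
import re
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

SUBJECT_RE = re.compile(r"^Re\[2\]: our private photos\b", re.I)
# Harmless-looking extension followed by an executable one (photos.jpg.exe).
# The extension sets are this example's choice, not a list from the description.
DOUBLE_EXT_RE = re.compile(r"\.(jpe?g|gif|bmp|png|txt|doc|pdf)\.(exe|scr|pif|com|bat|cmd)$", re.I)

def disguised_members(zip_bytes):
    """Names inside a zip that pair a document extension with an executable one."""
    try:
        with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
            return [n for n in zf.namelist() if DOUBLE_EXT_RE.search(n)]
    except zipfile.BadZipFile:
        return []  # not a readable zip; leave it to other filters

def check_message(raw):
    """Return the Mimail-C traits from the description that this message shows."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    if SUBJECT_RE.search(str(msg.get("Subject", ""))):
        hits.append("subject")
    sender = parseaddr(str(msg.get("From", "")))[1].lower()
    rcpt = parseaddr(str(msg.get("To", "")))[1].lower()
    # Assumption: the spoofed sender is james@<recipient's own domain>.
    if "@" in rcpt and sender == "james@" + rcpt.split("@", 1)[1]:
        hits.append("from")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(".zip") and disguised_members(part.get_payload(decode=True) or b""):
            hits.append("attachment")
    return hits

def build_sample(inner_name):
    """Constructed test message; the zip member holds placeholder text only."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(inner_name, b"constructed placeholder")
    m = EmailMessage()
    m["From"], m["To"] = "james@example.org", "user@example.org"
    m["Subject"] = "Re[2]: our private photos qzxv"
    m.set_content("constructed body")
    m.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="photos.zip")
    return m.as_bytes()
```

The double-extension check is the most durable of the three signals, since it does not depend on the worm's fixed subject or sender text.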
While searching for email addresses in files on the local hard drive, W32/Mimail-C attempts to exclude files with the following extensions from the search:
- AVI
- BMP
- CAB
- COM
- DLL
- EXE
- GIF
- JPG
- MP3
- MPG
- OCX
- PSD
- RAR
- TIF
- VXD
- WAV
- ZIP
W32/Mimail-C can launch a denial of service attack against the websites www.darkprofits.com and www.darkprofits.net.
To run automatically when Windows starts up, W32/Mimail-C copies itself to the file netwatch.exe in the Windows folder and adds the following registry entry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\NetWatch32
