02 Sep 2003
Mimail email worm still causing problems one month on, says Sophos Anti-Virus
Sophos, a global leader in anti-virus protection for businesses, has warned computer users that the W32/Mimail-A mass-mailing worm is still causing problems a month after it was first seen.
The Mimail worm arrives in an email that claims to be from the user's administrator and suggests that the user's email account will shortly expire. It urges the user to read an attached file called message.zip. If the virus contained within is launched, it searches the hard drive, scooping up email addresses to send itself to.
"Recent large scale worms such as Blaster, Nachi and Sobig-F, as well as the arrest of suspected virus writers, have been getting most of the headlines," said Graham Cluley, senior technology consultant for Sophos Anti-Virus. "But just because you have protection and patches against those viruses in place does not mean you should lower your guard against other threats. Practise safe computing and keep your computer virus-free all year round - not just when the newspapers are full of virus scare stories."
Sophos has been protecting users against W32/Mimail-A since 1 August 2003.
Sophos offers the following advice to administrators:
- Ensure your anti-virus software is up-to-date, both at the gateway and the desktop. Prevention is always better than cure.
- Consider setting up an unattended, automatic anti-virus updating system such as Sophos Enterprise Manager.
- If you have a gateway product such as Sophos MailMonitor for SMTP, consider blocking emails with subject lines starting "your account". W32/Mimail-A always uses this text.
- If you use Microsoft products for mail and web access, make sure you have the latest security updates. Microsoft issued a patch months ago to protect against the HTML exploit used by this worm. Microsoft has also published step-by-step instructions for home users on how to help protect their computers with critical updates.
- IT managers responsible for security should consider subscribing to vulnerability mailing lists such as that operated by Microsoft at www.microsoft.com/technet/security/bulletin/notify.asp . Other vendors offer similar services.
- Never use attachments to disseminate information when plain text would be sufficient. This will make your users more cautious when they receive emails such as the ones generated by W32/Mimail-A.
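The subject-line check advised above, sketched in Python as an added example (not Sophos code and not a MailMonitor rule). The function names and sample messages are constructed for illustration; only the "your account" prefix and the message.zip filename come from this advisory.

```python
import re
from email import message_from_bytes, policy

SUBJECT_PREFIX = "your account"   # subject prefix named in the advisory
ATTACHMENT_NAME = "message.zip"   # attachment name named in the advisory

def mimail_indicators(raw: bytes) -> list[str]:
    """Return which of the advisory's two indicators a raw message matches."""
    # policy.default decodes RFC 2047 encoded-words and unfolds long headers,
    # so an encoded or folded Subject is compared in its displayed form.
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    subject = re.sub(r"\s+", " ", str(msg["Subject"] or "")).strip()
    if subject.casefold().startswith(SUBJECT_PREFIX):
        hits.append("subject")
    for part in msg.walk():
        name = part.get_filename()
        if name and name.strip().casefold() == ATTACHMENT_NAME:
            hits.append("attachment")
            break
    return hits

def should_quarantine(raw: bytes) -> bool:
    """Gateway decision: the advisory's rule is the subject prefix alone."""
    return "subject" in mimail_indicators(raw)

# Constructed sample: encoded-word subject, upper-case attachment name.
SAMPLE_WORM_LIKE = (
    b"From: admin@example.test\r\n"
    b"Subject: =?utf-8?q?Your_Account?=   abcdefg\r\n"
    b"MIME-Version: 1.0\r\n"
    b'Content-Type: multipart/mixed; boundary="b1"\r\n\r\n'
    b"--b1\r\nContent-Type: text/plain\r\n\r\nplaceholder body\r\n"
    b'--b1\r\nContent-Type: application/zip; name="MESSAGE.ZIP"\r\n'
    b'Content-Disposition: attachment; filename="MESSAGE.ZIP"\r\n'
    b"Content-Transfer-Encoding: base64\r\n\r\nAAAA\r\n--b1--\r\n"
)
# Constructed sample: the phrase appears, but not at the start of the subject.
SAMPLE_BENIGN = (
    b"From: billing@example.test\r\n"
    b"Subject: Re: your account statement\r\n\r\nplain text only\r\n"
)

if __name__ == "__main__":
    for label, raw in (("worm-like", SAMPLE_WORM_LIKE), ("benign", SAMPLE_BENIGN)):
        print(label, mimail_indicators(raw), should_quarantine(raw))
```

Because the prefix match is broad, a rule like this is better routed to quarantine than to silent deletion, so that legitimate mail whose subject begins the same way can be released.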
Further reading: Safe computing advice from Sophos.