Ian
W32/Mimail.I.worm. I wonder if there'll be a race to see who can come up with a 'Z' variant of something?

This variant, like its predecessors, is designed to spread rapidly in e-mail messages that use so-called social engineering techniques to trick users and infect their computers. In this particular case, the message refers to the PAYPAL payment system. Mimail.I arrives in an e-mail with the subject: YOUR PAYPAL.COM ACCOUNT EXPIRES, while the message text tells users that they should update their PAYPAL account as it is about to expire. The attachment that accompanies the message is called either www.paypal.com.scr or paypal.asp.scr.

If the user runs the file, Mimail.I searches the computer for e-mail addresses in all files on the computer with extensions other than: COM, WAV, CAB, PDF, RAR, ZIP, TIF, PSD, OCX, VXD, MP3, MPG, AVI, DLL, EXE, GIF, JPG and BMP. These addresses are stored in a file called el388.tmp. The worm then uses its own SMTP engine to send itself to these addresses, without the user being aware of what's happening.

Mimail.I generates other files (EE98AF.TMP and SVCHOST32.EXE) in the computer, which are really copies of the worm itself. Finally, it creates a Windows registry entry in order to ensure it is run every time the system is started up.

Mimail.I is the latest in a string of variants that have appeared over the last few weeks. It would therefore seem that the author or authors of these viruses want to spread as many worms as possible in order to increase the probability of a computer being hit by a variant of Mimail.
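An added example, not part of the original post: a mail-gateway style check in Python that flags the subject line and the multi-extension .scr attachment names described above. The function names, the extension list beyond .scr, and the sample messages are assumptions constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Final extensions Windows runs directly; .scr is the one named in the post.
# The others are an assumed extension of the same idea.
EXECUTABLE_EXTS = {"scr", "exe", "pif", "com", "bat", "cmd"}
# Subject quoted in the post above.
MIMAIL_I_SUBJECT = "YOUR PAYPAL.COM ACCOUNT EXPIRES"


def deceptive_name(filename):
    """True if the name ends in an executable extension but has earlier
    dot-separated parts that make it look like something else, such as
    paypal.asp.scr. Heuristic: names like setup.1.2.exe also match."""
    parts = filename.strip().lower().split(".")
    return len(parts) >= 3 and all(parts) and parts[-1] in EXECUTABLE_EXTS


def inspect_message(raw_bytes):
    """Return a list of findings for one raw RFC 5322 message."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    # Normalise whitespace and case before comparing the subject.
    subject = " ".join(str(msg.get("Subject", "")).split()).upper()
    if subject == MIMAIL_I_SUBJECT:
        findings.append("subject matches Mimail.I lure")
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if deceptive_name(name):
            findings.append("deceptive attachment name: " + name)
    return findings


def build_sample(subject, filename):
    """Constructed test message; the attachment is inert placeholder bytes."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "user@example.com"
    m["Subject"] = subject
    m.set_content("Constructed sample body.")
    m.add_attachment(b"placeholder", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()


if __name__ == "__main__":
    for subj, fname in [("Your PayPal.com account expires", "paypal.asp.scr"),
                        ("Meeting minutes", "minutes.pdf")]:
        print(fname, "->", inspect_message(build_sample(subj, fname)))
```

The name check is independent of the subject check, so a later variant that changes the lure text but keeps the attachment naming trick is still flagged.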