Ian
W32/Mimail.J.worm
« on: Nov 22nd, 2003, 6:43pm »
Mimail.J (W32/Mimail.J.worm) is causing further incidents among users. This worm steals confidential information from the computers it infects and sends it out via e-mail.

The J variant of Mimail spreads via e-mail in a message with the subject 'IMPORTANT' and an attached file called www.paypal.com.pif. When it is run, this malicious code shows an image on screen that simulates the home window of a financial entity. Then, Mimail.J collects the information entered by the user and sends it out via e-mail.

After infecting a computer, this worm looks for e-mail addresses in all the files that do not have any of the following extensions: COM, WAV, CAB, PDF, RAR, ZIP, TIF, PSD, OCX, VXD, MP3, MPG, AVI, DLL, EXE, GIF, JPG and BMP, and saves them in a file called el388.tmp. Mimail.J then sends itself out to all the addresses it has found, using its own SMTP engine. Mimail.J connects to the IP address 212.5.86.163, which belongs to a Russian e-mail server.

This worm uses so-called 'social engineering' techniques to trick users and spread to as many computers as possible. Like the I variant, the message carrying Mimail.J refers to the PAYPAL payment system.
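The mail-borne indicators described in the post (subject 'IMPORTANT', attachment www.paypal.com.pif) can be checked at a mail gateway. The following is an added example, not part of the original post; it generalizes the attachment check to any executable whose name reads like a web address. The function names, the extension list and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# Values taken from the post above.
SUBJECT = "IMPORTANT"
ATTACHMENT = "www.paypal.com.pif"
# Assumption: extensions Windows runs directly; this list is not from the post.
EXECUTABLE_EXTS = {"pif", "scr", "exe", "com", "bat", "cmd"}
# A stem that reads like a web address, e.g. "www.example.com".
HOSTNAME_STEM = re.compile(r"^(www\.)?[a-z0-9-]+(\.[a-z0-9-]+)*\.(com|net|org)$", re.I)

def filename_findings(name: str) -> list[str]:
    """Return indicator labels for one attachment filename."""
    name = name.strip().rstrip(". ")  # Windows ignores trailing dots and spaces
    findings = []
    if name.lower() == ATTACHMENT:
        findings.append("attachment-name-matches-mimail-j")
    stem, dot, ext = name.rpartition(".")
    if dot and ext.lower() in EXECUTABLE_EXTS:
        findings.append("executable-attachment")
        # ".com" is both a TLD and a DOS executable type, so "www.x.com"
        # needs no second extension to be runnable.
        bare_com = ext.lower() == "com" and name.lower().startswith("www.")
        if HOSTNAME_STEM.match(stem) or bare_com:
            findings.append("executable-disguised-as-url")
    return findings

def message_findings(raw: bytes) -> list[str]:
    """Parse a raw RFC 5322 message and collect indicator labels."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    if (msg["Subject"] or "").strip() == SUBJECT:
        findings.append("subject-matches-mimail-j")
    for part in msg.walk():
        name = part.get_filename()
        if name:
            findings.extend(filename_findings(name))
    return findings

def sample_message() -> bytes:
    """Constructed test message; the attachment body is inert text."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.com", "b@example.com", "IMPORTANT"
    m.set_content("constructed body")
    m.add_attachment(b"inert placeholder", maintype="application",
                     subtype="octet-stream", filename="www.paypal.com.pif")
    return m.as_bytes()

if __name__ == "__main__":
    print(message_findings(sample_message()))
```

The subject line on its own is a weak signal; the filename checks carry the weight, and the generic label also catches renamed variants that keep the same disguise.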