
Virus alert: Mimail.J worm

This topic is archived.
Prisoner_Number_Six Donating Member (1000+ posts) Tue Nov-18-03 11:41 PM
Original message
Virus alert: Mimail.J worm
Posted in GD as a public service.

The poster is not an employee of, or in any way associated with Panda Software.
---

Panda Software reports the appearance of the Mimail.J worm

Virus Alerts, by Panda Software (http://www.pandasoftware.com)

Madrid, November 18, 2003 - PandaLabs has detected the appearance of a new worm called Mimail.J (W32/Mimail.J.worm), which is already causing incidents among users. This worm steals confidential information from the computers it infects and sends it out via e-mail.

The J variant of Mimail spreads via e-mail in a message with the subject 'IMPORTANT' and an attached file called w w w.paypal.com.pif. When it is run, this malicious code shows an image on screen that simulates the home window of a financial entity. Then, Mimail.J collects the information entered by the user and sends it out via e-mail.

After infecting a computer, this worm looks for e-mail addresses in all the files that do not have any of the following extensions: COM, WAV, CAB, PDF, RAR, ZIP, TIF, PSD, OCX, VXD, MP3, MPG, AVI, DLL, EXE, GIF, JPG and BMP, and saves them in a file called el388.tmp. Mimail.J then sends itself out to all the addresses it has found, using its own SMTP engine.

Mimail.J connects to the IP address 212.5.86.163, which belongs to a Russian e-mail server. This worm uses so-called 'social engineering' techniques to trick users and spread to as many computers as possible. Like the I variant, the message carrying Mimail.J refers to the PAYPAL payment system.

Due to the incidents received involving Mimail.J and the possibility of an increase in the number of infections caused by this worm, Panda Software advises users to treat all e-mails received with caution, and to update their antivirus solutions if they haven't already done so. The company has already made the updates to its products available to users to ensure their solutions can detect and eliminate Mimail.J. Those whose software is not configured to update automatically should update their solutions from http://www.pandasoftware.com/

Users can also scan their computers using the free, online antivirus, Panda ActiveScan, which is available on the company's website at http://www.pandasoftware.com.

For more information about Mimail.J and the other variants of this worm, visit Panda Software's Virus Encyclopedia at the following address: http://www.pandasoftware.com/virus_info/encyclopedia

NOTE: The addresses above may not show up on your screen as single lines. This would prevent you from using the links to access the web pages. If this happens, just use the 'cut' and 'paste' options to join the pieces of the URL.
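A mail-filter check for the disguise the alert describes (an executable attachment named like a web address), as an added example that is not part of the original post or of Panda Software's material. The extension set, the host-name heuristic, the function name `scan` and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string

# Extensions Windows runs directly; .pif is the one named in the alert.
EXECUTABLE_EXTS = {"pif", "scr", "exe", "com", "bat", "cmd"}
# Heuristic (an assumption of this example): the stem reads like a host name.
HOSTLIKE = re.compile(r"^(?:[a-z0-9-]+\.)+[a-z]{2,}$")

# Constructed sample message; addresses and payload bytes are placeholders.
SAMPLE = """\
From: sender@example.test
Subject: IMPORTANT
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Constructed body text.
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="www.paypal.com.pif"

AAAA
--b1
Content-Type: application/pdf
Content-Disposition: attachment; filename="invoice.pdf"

AAAA
--b1--
"""

def scan(raw):
    """Return (filename, reason) for attachments that are executable by extension."""
    findings = []
    for part in message_from_string(raw).walk():
        name = part.get_filename()
        if not name:
            continue
        # Collapse whitespace so a spaced-out name compares like the plain one.
        compact = re.sub(r"\s+", "", name).lower()
        stem, _, ext = compact.rpartition(".")
        if ext in EXECUTABLE_EXTS:
            disguised = bool(HOSTLIKE.match(stem))
            findings.append((name, "host-like name" if disguised else "executable"))
    return findings

if __name__ == "__main__":
    print(scan(SAMPLE))
```

Only the last extension decides how Windows opens the file, which is why the check splits on the final dot rather than trusting the part that looks like a domain.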
LibertyorDeath Donating Member (1000+ posts) Wed Nov-19-03 12:14 AM
Response to Original message
1. Thanks
TrogL Donating Member (1000+ posts) Wed Nov-19-03 12:16 AM
Response to Original message
2. I've been getting notices about this all day
If they made it this far inside the firewall, it must be particularly nasty.
 
newyawker99 Donating Member (1000+ posts) Wed Nov-19-03 06:37 AM
Response to Reply #2
3. kick
:kick: