Posted in GD as a public service.
The poster is not an employee of, or in any way associated with Panda Software.
---
Panda Software reports the appearance of the Mimail.J worm
Virus Alerts, by Panda Software (http://www.pandasoftware.com)
Madrid, November 18, 2003 - PandaLabs has detected the appearance of a new worm called Mimail.J (W32/Mimail.J.worm), which is already causing incidents among users. This worm steals confidential information from the computers it infects and sends it out via e-mail.
The J variant of Mimail spreads via e-mail in a message with the subject 'IMPORTANT' and an attached file called w w w.paypal.com.pif. When it is run, this malicious code shows an image on screen that simulates the home window of a financial entity. Then, Mimail.J collects the information entered by the user and sends it out via e-mail.
After infecting a computer, this worm looks for e-mail addresses in all the files that do not have any of the following extensions: COM, WAV, CAB, PDF, RAR, ZIP, TIF, PSD, OCX, VXD, MP3, MPG, AVI, DLL, EXE, GIF, JPG and BMP, and saves them in a file called el388.tmp. Mimail.J then sends itself out to all the addresses it has found, using its own SMTP engine.
Mimail.J connects to the IP address 212.5.86.163, which belongs to a Russian e-mail server. This worm uses so-called 'social engineering' techniques to trick users and spread to as many computers as possible. Like the I variant, the message carrying Mimail.J refers to the PAYPAL payment system.
Due to the incidents received involving Mimail.J and the possibility of an increase in the number of infections caused by this worm, Panda Software advises users to treat all e-mails received with caution, and to update their antivirus solutions if they haven't already done so. The company has already made the updates to its products available to users to ensure their solutions can detect and eliminate Mimail.J. Those whose software is not configured to update automatically should update their solutions from http://www.pandasoftware.com/

Users can also scan their computers using the free, online antivirus, Panda ActiveScan, which is available on the company's website at http://www.pandasoftware.com.

For more information about Mimail.J and the other variants of this worm, visit Panda Software's Virus Encyclopedia at the following address: http://www.pandasoftware.com/virus_info/encyclopedia

NOTE: The addresses above may not show up on your screen as single lines. This would prevent you from using the links to access the web pages. If this happens, just use the 'cut' and 'paste' options to join the pieces of the URL.
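An added example, not part of the Panda Software alert or any Panda product: a mail-filter style check in Python that flags a message matching the indicators the alert describes (subject 'IMPORTANT', a .pif attachment whose name imitates a web address). The function names, the host-name pattern and the sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.message import EmailMessage

# Indicators taken from the alert text above.
ALERT_SUBJECT = "IMPORTANT"
ALERT_EXT = ".pif"
# Assumption: a name that reads like a host name before the real extension
# (as in the alert's paypal.com attachment) is treated as a disguise.
HOSTLIKE = re.compile(r"^(?:[a-z0-9-]+\.)+(?:com|net|org)$")

def attachment_names(msg):
    """Yield each attachment filename, lower-cased with whitespace removed."""
    for part in msg.walk():
        name = part.get_filename()
        if name:
            yield re.sub(r"\s+", "", name).lower()

def mimail_j_indicators(raw):
    """Return the alert indicators that a raw e-mail message matches."""
    msg = message_from_string(raw)
    hits = []
    # Subject comparison ignores case and surrounding whitespace.
    if (msg.get("Subject") or "").strip().upper() == ALERT_SUBJECT:
        hits.append("subject")
    for name in attachment_names(msg):
        # Only the text after the last dot decides how Windows runs the file.
        stem, dot, ext = name.rpartition(".")
        if dot and "." + ext == ALERT_EXT:
            hits.append("pif-attachment")
            if HOSTLIKE.match(stem):
                hits.append("hostname-disguise")
    return hits

def build_sample(subject, filename):
    """Constructed test message; the payload is harmless placeholder bytes."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "user@example.com"
    m["Subject"] = subject
    m.set_content("constructed sample body")
    m.add_attachment(b"placeholder", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_string()

if __name__ == "__main__":
    print(mimail_j_indicators(build_sample("IMPORTANT", "w w w.paypal.com.pif")))
    print(mimail_j_indicators(build_sample("Minutes", "notes.pdf")))
```

A message that matches all three indicators is worth quarantining; a lone .pif attachment is already suspicious on its own because the extension is executable on Windows.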