The W32/Mimail.A worm started spreading this weekend and has already gained wide distribution. Mimail.A spreads by infected attachments to e-mail messages disguised as being from the recipient's local administrator.
We strongly recommend that users of F-Prot Antivirus products upgrade to the latest versions of F-Prot Antivirus, update their virus signature files and scan their machines. It is also necessary to patch against the vulnerabilities exploited by Mimail.A with the patch available from Microsoft's site.
Windows users using the Realtime Protector were not in any danger from Mimail.A as the Realtime Protector stopped it from executing.
The e-mail message is as follows:
Subject: your account : ( + 'random characters')
email address. This email address will be expiring.
Please read attachment for details
Best regards, Administrator
When opened, the attachment infects the computer by dropping an executable named foo.exe and running it, thereby also mailing itself to several addresses collected from the local hard drive.
Mimail.A uses a vulnerability to create a copy of the worm in the Temporary Internet Files folder, and then run it.
For information on this vulnerability and a patch visit: