W32/Mimail.C@mm

31 October 2003

This new variant of the Mimail mass mailing worm that first gained wide distribution late last summer arrives with e-mails that carry a ZIP archive attachment containing the worm's executable named "photos.jpg.exe" (please note that some Windows users may see this file only as "photos.jpg"). The subject line of these e-mails is "Re[2]: our private photos" and the messages are signed by "James".

On infection this worm harvests e-mail addresses from the infected computer and subsequently spreads itself further by sending e-mails to these addresses. Mimail.C also attempts Denial of Service attacks on certain sites as well as trying to steal information from infected computers.

Recommended Reactions

Users are advised to update their virus signature files and make sure they have the latest versions of F-Prot Antivirus installed on their computers.

After updating the virus signature files, users should scan their whole system with the F-Prot Antivirus OnDemand scanner to ensure that their computer security was not compromised before the virus signature files were updated.

For more information on this worm and disinfection please visit our virus information section.

Threat Detection

The latest versions of F-Prot Antivirus detects W32/Mimail.c@mm using virus signature files dated 31 October 2003 or later.

Commtouch® is a leading developer of anti virus software and anti spam filtering services. Commtouch's anti virus computer software, F-PROT Antivirus, is available for a number of operating systems such as Windows, Linux, BSD, Solaris, and AIX as well as the Microsoft Exchange groupware.

1993-2013 © CYREN