W32.Mimail.A@mm

Risk Level 2: Low

Discovered: August 1, 2003
Updated: February 13, 2007 12:04:22 PM
Also Known As: WORM_MIMAIL.A [Trend], W32/Mimail@MM [McAfee], Win32.Mimail.A [CA], W32/Mimail-A [Sophos], I-Worm.Mimail [Kaspersky]
Type: Worm
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP
CVE References: CAN-2002-0980, CAN-2002-0077

W32.Mimail.A@mm is a worm that spreads by email and steals information from a user's machine.

The email has the following characteristics:

Subject: your account [random string]
Attachment: message.zip

  • The threat captures information from certain windows on a user's desktop and emails it to specific mail addresses.
  • This threat takes advantage of known vulnerabilities: MS02-15 and MS03-14. A Microsoft patch is located at: http://www.microsoft.com/windows/ie/downloads/critical/330994/default.asp.
  • We encourage system administrators to apply the Microsoft patch to prevent infection by this worm.
  • The worm is packed with UPX.
  • Virus definitions with a version number of 50801r, also known as August 1, 2003 rev 18, or greater will detect this threat.
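
The two email indicators listed above (subject prefix and attachment name), written as a mail-filter check. This is an added example, not Symantec's detection logic; the function names, the constructed sample messages, the accepted shape of the random string, and the rule that both indicators must match are assumptions made here.

```python
import email
import re
from email import policy
from email.message import EmailMessage

# Indicators from the advisory: subject "your account [random string]" and an
# attachment named message.zip. The shape of the random string is not given on
# the page, so any non-empty trailing token is accepted (assumption).
SUBJECT_RE = re.compile(r"^\s*your account\s+\S+", re.IGNORECASE)
ATTACHMENT_NAME = "message.zip"


def mimail_indicators(raw_message: bytes) -> list:
    """Return the advisory indicators present in one raw email message."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    hits = []
    if SUBJECT_RE.match(str(msg.get("Subject", ""))):
        hits.append("subject")
    for part in msg.walk():
        # get_filename() decodes encoded attachment names before comparison
        name = part.get_filename()
        if name and name.strip().lower() == ATTACHMENT_NAME:
            hits.append("attachment")
            break
    return hits


def should_quarantine(raw_message: bytes) -> bool:
    """Quarantine only when both indicators match, to limit false positives."""
    return set(mimail_indicators(raw_message)) == {"subject", "attachment"}


def build_sample(subject: str, filename: str) -> bytes:
    """Constructed test message carrying a harmless placeholder attachment."""
    m = EmailMessage()
    m["From"] = "admin@example.com"
    m["To"] = "user@example.com"
    m["Subject"] = subject
    m.set_content("constructed sample body")
    m.add_attachment(b"not a real archive", maintype="application",
                     subtype="zip", filename=filename)
    return m.as_bytes()


if __name__ == "__main__":
    samples = [("your account qzxwvk", "message.zip"),
               ("your account statement", "invoice.zip")]
    for subj, fn in samples:
        raw = build_sample(subj, fn)
        print(subj, fn, mimail_indicators(raw), should_quarantine(raw))
```

The second sample shows why the subject alone is not treated as sufficient: ordinary mail can begin with "your account".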


Antivirus Protection Dates

  • Initial Rapid Release version August 1, 2003
  • Latest Rapid Release version November 4, 2010 revision 052
  • Initial Daily Certified version August 1, 2003
  • Latest Daily Certified version November 4, 2010 revision 057
  • Initial Weekly Certified release date August 1, 2003

Threat Assessment

Wild

  • Wild Level: Low
  • Number of Infections: More than 1000
  • Number of Sites: More than 10
  • Geographical Distribution: Low
  • Threat Containment: Easy
  • Removal: Moderate

Damage

  • Damage Level: Low

Distribution

  • Distribution Level: High
Writeup By: Atli Gudmundsson