- Discovered: August 1, 2003
- Updated: February 13, 2007 12:04:22 PM
- Also Known As: WORM_MIMAIL.A [Trend], W32/Mimail@MM [McAfee], Win32.Mimail.A [CA], W32/Mimail-A [Sophos], I-Worm.Mimail [Kaspersky]
- Type: Worm
- Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP
- CVE References: CAN-2002-0980, CAN-2002-0077
W32.Mimail.A@mm is a worm that spreads by email and steals information from a user's machine.
The email has the following characteristics:
Subject: your account [random string]
Attachment: message.zip
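A mail-gateway style check for the two email characteristics listed above, as an added example that is not part of the original write-up or any vendor tooling. It assumes the random string is a single whitespace-free token and that matching is case-insensitive; the function names, addresses and sample messages are constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage

# Indicators stated on this page: subject "your account [random string]"
# and an attachment named message.zip.
# Assumption: the random string is one whitespace-free token and matching is
# case-insensitive; the page does not specify either.
SUBJECT_RE = re.compile(r"^your account\s+\S+\s*$", re.IGNORECASE)
ATTACHMENT_NAME = "message.zip"


def classify(raw_message: str) -> str:
    """Return 'match' (both indicators), 'partial' (one) or 'clean' (none)."""
    msg = message_from_string(raw_message, policy=policy.default)
    subject_hit = bool(SUBJECT_RE.match(str(msg.get("Subject", "")).strip()))
    # Walk every MIME part so nested attachments are seen as well.
    names = {(part.get_filename() or "").strip().lower() for part in msg.walk()}
    attachment_hit = ATTACHMENT_NAME in names
    hits = subject_hit + attachment_hit
    return {2: "match", 1: "partial", 0: "clean"}[hits]


def build_sample(subject: str, filename: str) -> str:
    """Build a constructed test message; addresses and payload are placeholders."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "user@example.com"
    m["Subject"] = subject
    m.set_content("constructed sample body")
    # 22-byte empty ZIP archive (end-of-central-directory record only).
    m.add_attachment(b"PK\x05\x06" + b"\x00" * 18,
                     maintype="application", subtype="zip", filename=filename)
    return m.as_string()


if __name__ == "__main__":
    for subj, name in [("your account kqwzxhv", "message.zip"),
                       ("quarterly report", "message.zip"),
                       ("your account statement is ready", "statement.pdf")]:
        print(f"{classify(build_sample(subj, name)):8} {subj!r} {name!r}")
```

A 'partial' result (for example, a legitimate message that happens to carry a file called message.zip) is better routed to review than dropped outright.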
- The threat captures information from certain windows on a user's desktop and emails it to specific mail addresses.
- This threat takes advantage of known vulnerabilities: MS02-15 and MS03-14. A Microsoft patch is located at: http://www.microsoft.com/windows/ie/downloads/critical/330994/default.asp.
- We encourage system administrators to apply the Microsoft patch to prevent infection by this worm.
- The worm is packed with UPX.
- Virus definitions with a version number of 50801r, also known as August 1, 2003 rev 18, or greater will detect this threat.
Antivirus Protection Dates
- Initial Rapid Release version August 1, 2003
- Latest Rapid Release version November 4, 2010 revision 052
- Initial Daily Certified version August 1, 2003
- Latest Daily Certified version November 4, 2010 revision 057
- Initial Weekly Certified release date August 1, 2003
Threat Assessment
Wild
- Wild Level: Low
- Number of Infections: More than 1000
- Number of Sites: More than 10
- Geographical Distribution: Low
- Threat Containment: Easy
- Removal: Moderate
Damage
- Damage Level: Low
Distribution
- Distribution Level: High
Writeup By: Atli Gudmundsson







