Discovered: August 1, 2003
Updated: February 13, 2007 12:04:22 PM
Also Known As: WORM_MIMAIL.A [Trend], W32/Mimail@MM [McAfee], Win32.Mimail.A [CA], W32/Mimail-A [Sophos], I-Worm.Mimail [Kaspersky]
Type: Worm
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP
CVE References: CAN-2002-0980, CAN-2002-0077
W32.Mimail.A@mm is a worm that spreads by email and steals information from a user's machine.
The email has the following characteristics:
Subject: your account [random string]
Attachment: message.zip
- The threat captures information from certain windows on a user's desktop and emails it to specific mail addresses.
- This threat takes advantage of known vulnerabilities: MS02-15 and MS03-14. A Microsoft patch is located at: http://www.microsoft.com/windows/ie/downloads/critical/330994/default.asp.
- We encourage system administrators to apply the Microsoft patch to prevent infection by this worm.
- The worm is packed with UPX.
- Virus definitions with a version number of 50801r, also known as August 1, 2003 rev 18, or greater will detect this threat.
Antivirus Protection Dates
Initial Rapid Release version: August 1, 2003
Latest Rapid Release version: November 4, 2010 revision 052
Initial Daily Certified version: August 1, 2003
Latest Daily Certified version: November 4, 2010 revision 057
Initial Weekly Certified release date: August 1, 2003
Threat Assessment
Wild
Wild Level: Low
Number of Infections: More than 1000
Number of Sites: More than 10
Geographical Distribution: Low
Threat Containment: Easy
Removal: Moderate
Writeup By: Atli Gudmundsson