- August 1, 2003
- February 13, 2007 12:04:22 PM
Also Known As:
- WORM_MIMAIL.A [Trend], W32/Mimail@MM [McAfee], Win32.Mimail.A [CA], W32/Mimail-A [Sophos], I-Worm.Mimail [Kaspersky]
- Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP
W32.Mimail.A@mm is a worm that spreads by email and steals information from a user's machine.
The email has the following characteristics:
your account [random string]
- The threat captures information from certain windows on a user's desktop and emails it to specific mail addresses.
- This threat takes advantage of known vulnerabilities: MS02-15 and MS03-14. A Microsoft patch is located at: http://www.microsoft.com/windows/ie/downloads/critical/330994/default.asp.
- We encourage system administrators to apply the Microsoft patch to prevent infection by this worm.
- The worm is packed with UPX.
- Virus definitions with a version number of 50801r, also known as August 1, 2003 rev 18, or greater will detect this threat.
Antivirus Protection Dates
Initial Rapid Release version August 1, 2003
Latest Rapid Release version November 4, 2010 revision 052
Initial Daily Certified version August 1, 2003
Latest Daily Certified version November 4, 2010 revision 057
Initial Weekly Certified release date August 1, 2003
Click for a more detailed description of Rapid Release and Daily Certified virus definitions.
Wild Level: Low
Number of Infections: More than 1000
Number of Sites: More than 10
Geographical Distribution: Low
Threat Containment: Easy
Writeup By: Atli Gudmundsson