1. Symantec/
  2. Security Response/
  3. W32.Mimail.A@mm


Risk Level 2: Low

August 1, 2003
February 13, 2007 12:04:22 PM
Also Known As:
WORM_MIMAIL.A [Trend], W32/Mimail@MM [McAfee], Win32.Mimail.A [CA], W32/Mimail-A [Sophos], I-Worm.Mimail [Kaspersky]
Systems Affected:
CVE References:
CAN-2002-0980 CAN-2002-0077

W32.Mimail.A@mm is a worm that spreads by email and steals information from a user's machine.

The email has the following characteristics:

Subject: your account [random string]
Attachment: message.zip
  • The threat captures information from certain windows on a user's desktop and emails it to specific mail addresses.
  • This threat takes advantage of known vulnerabilities: MS02-15 and MS03-14. A Microsoft patch is located at: http://www.microsoft.com/windows/ie/downloads/critical/330994/default.asp.
  • We encourage system administrators to apply the Microsoft patch to prevent infection by this worm.
  • The worm is packed with UPX.
  • Virus definitions with a version number of 50801r, also known as August 1, 2003 rev 18, or greater will detect this threat.

Antivirus Protection Dates

  • Initial Rapid Release version August 1, 2003
  • Latest Rapid Release version September 22, 2016 revision 024
  • Initial Daily Certified version August 1, 2003
  • Latest Daily Certified version September 22, 2016 revision 025
  • Initial Weekly Certified release date August 1, 2003
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.
Writeup By: Atli Gudmundsson

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
2016 Internet Security Threat Report, Volume 21
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube