Discussion in 'malware problems & news' started by FanJ, Nov 14, 2003.

Thread Status:
Not open for further replies.
  1. FanJ

    FanJ Guest


    A new version of the Mimail Internet worm has been detected in the wild.
    Preliminary investigations suggest that the Mimail.i worm could pose a
    signinficant threat.

    Like it's predecessors, the latest version of Mimail spreads as an email
    attachment, which in this case is named paypal.asp.scr. The worm gains
    control over victim machines only if the attachment is opened. If the
    victim does launch Mimail, the worm opens a dialogue box where it asks
    for PayPal credit card information. Any data that is entered is saved in
    a file named ppinfo.sys, which the worm mails to the virus sender.

    Computer users should be on the lookout for Mimail.i and, as always,
    keep anti-virus software databases up to date.

    A detailed description of Mimail.i is available in the Kaspersky Virus
    Encyclopedia at: http://www.viruslist.com/eng/viruslist.html?id=400658
  2. FanJ

    FanJ Guest


    W32/Mimail-I is a worm which spreads via email using addresses harvested from the hard drive of your computer. All email addresses found on your PC are saved in a file named el388.tmp in the Windows folder.
    In order to run itself automatically when Windows starts up the worm copies itself to the file svchost32.exe in the Windows folder and adds the following registry entry:


    Read more:
Thread Status:
Not open for further replies.