Mimail.i

Discussion in 'malware problems & news' started by FanJ, Nov 14, 2003.

Thread Status:
Not open for further replies.
  1. FanJ

    FanJ Guest

    Kaspersky:

    A new version of the Mimail Internet worm has been detected in the wild.
    Preliminary investigations suggest that the Mimail.i worm could pose a
    significant threat.

    Like its predecessors, the latest version of Mimail spreads as an email
    attachment, which in this case is named paypal.asp.scr. The worm gains
    control over victim machines only if the attachment is opened. If the
    victim does launch Mimail, the worm opens a dialogue box where it asks
    for PayPal credit card information. Any data that is entered is saved in
    a file named ppinfo.sys, which the worm mails to the virus sender.

    Computer users should be on the lookout for Mimail.i and, as always,
    keep anti-virus software databases up to date.

    A detailed description of Mimail.i is available in the Kaspersky Virus
    Encyclopedia at: http://www.viruslist.com/eng/viruslist.html?id=400658
     
  2. FanJ

    FanJ Guest

    Sophos:

    W32/Mimail-I is a worm which spreads via email using addresses harvested from the hard drive of your computer. All email addresses found on your PC are saved in a file named el388.tmp in the Windows folder.
    In order to run itself automatically when Windows starts up, the worm copies itself to the file svchost32.exe in the Windows folder and adds the following registry entry:

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\SvcHost32


    Read more:
    http://www.sophos.com/virusinfo/analyses/w32mimaili.html
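
Both write-ups above describe an attachment named paypal.asp.scr, a document-looking name with an executable final extension. The following is an added example, not part of the thread or of either vendor's analysis, showing how a mail filter could flag that naming pattern; the extension list, function names and sample messages are assumptions constructed for illustration.

```python
# Added example: flag e-mail attachments with a deceptive double extension,
# such as the paypal.asp.scr name reported for Mimail.i.
from email import message_from_bytes, policy
from email.message import EmailMessage
from pathlib import PureWindowsPath

# Assumption: extensions Windows runs directly; extend to match local policy.
EXECUTABLE_EXTS = {".scr", ".exe", ".pif", ".com", ".bat", ".cmd"}


def suspicious_attachments(raw: bytes) -> list[str]:
    """Return attachment names whose last extension is executable and is
    preceded by another extension (name.doc.scr style)."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue
        # Normalise case and drop trailing dots/spaces, which Windows ignores.
        cleaned = name.strip().rstrip(". ").lower()
        suffixes = PureWindowsPath(cleaned).suffixes
        if len(suffixes) >= 2 and suffixes[-1] in EXECUTABLE_EXTS:
            hits.append(name)
    return hits


def build_sample(filename: str) -> bytes:
    """Constructed test message carrying a harmless placeholder attachment."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "constructed sample"
    msg.set_content("body")
    msg.add_attachment(b"placeholder", maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()


if __name__ == "__main__":
    for fn in ("paypal.asp.scr", "report.pdf", "setup.exe"):
        print(fn, suspicious_attachments(build_sample(fn)))
```

The check only covers the double-extension pattern; a single-extension executable such as setup.exe is left to whatever attachment-type policy the gateway already applies.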
     