Virus Alert Category 3 - W32.Mimail.A@mm

Symantec Security Response is currently analyzing a new worm which spreads via email. The email will have the following characteristics:

Subject: your account %s
Attachment: message.zip

Note: %s refers to a variable string.

This worm attempts to exploit a vulnerability in Internet Explorer which allows a script to execute in the Local computer. Previously it was reported that this vulnerability was addressed by a Microsoft patch, but this undetermined at this time. For additional information please see »www.securityfocus.com/bid/6961[?].

The worm is UPX packed.

Additional information will be provided as analysis continues.

Virus definitions with a version number of 50801r, also known as August 1, 2003 rev 18, or greater will detect this threat.

Also Known As: WORM_MIMAIL.A [Trend], W32/Mimail@MM [McAfee], Win32.Mimail.A [CA]

Type: Worm
Infection Length: approximately 16kb

Systems Affected: Windows 95, Windows 98, Windows NT, Windows 2000, Windows XP, Windows Me

http://securityresponse.symantec.com/avcenter/venc/data/w32.mimail.a@mm.html