TechnologyAccounting SoftwareMail worm goes on global infecting spree

Mail worm goes on global infecting spree

A dangerous new worm is infecting PCs at an alarming rate, antivirus experts have warned.

Link: Corporate networks at risk from spam virus

Worm/MiMail.A uses a Microsoft Internet Explorer (IE) exploit that allows a created executable virus to run on the local computer.

The internet worm spreads through email by using addresses it collects from local files on compromised clients. The worm attacks PCs running Windows 95, Windows 98, Windows NT, Windows Me, Windows 2000 and Windows XP.

The payload is Java script code contained in a Zip folder called Message.zip.

Once activated the worm harvests all email addresses on the computer and mails itself out. It also writes a file called VIDEODRV.EXE onto the auto-run register so that it reloads every time the PC reboots.

‘Mimail’ also creates several other files in the Windows directory: EXE.TMP – an HTML worm, ZIP.TMP an archive worm and EML.TMP – an email worm.

A patch is available from Microsoft at http://support.microsoft.com/default.aspx?scid=kb;en-us;330994

Steven Sundermeier, vice president of products and services at security firm Central Command, said in a statement: ‘Worm/MiMail.A is spreading globally at an alarming rate.

‘Our preliminary virus tracking report shows that US based computer users are being the hardest hit thus far, at this time 61% of the confirmed infection reports have originated in the US.’

An alert from antivirus company Panda Software added: ‘It’s a malicious code with fast email spreading capability. In order to spread itself the worm uses two IE vulnerabilities that Microsoft released patches for some time ago.’

The worm arrives through e-mail in the following format:

Subject: your account
Body:
Hello there,
I would like to inform you about important information regarding your email address. This email address will be expiring. Please read attachment for details.

Best regards, Administrator
Attachment: message.zip

Anti-virus firm Kaspersky thinks the virus originated in Russia since it closely resembles malware found last year called StartPage which came from Russina hackers.

Related Articles

Accountancy in the digital age: Flexibility, agility, efficiency

Accounting Software Accountancy in the digital age: Flexibility, agility, efficiency

2w Pegasus Software | Sponsored
Sage purchases Intacct in its largest ever acquisition

Accounting Software Sage purchases Intacct in its largest ever acquisition

5m Alia Shoaib, Reporter
5 tips for SMEs to protect cash flow

Accounting Software 5 tips for SMEs to protect cash flow

5m Alia Shoaib, Reporter
UK behind foreign markets in digital accounting, but gap is narrowing

Accounting Software UK behind foreign markets in digital accounting, but gap is narrowing

7m Alia Shoaib, Reporter
The rise of the progressive accountant

Accounting Software The rise of the progressive accountant

7m Emma Smith, Managing Editor
Making Tax Digital: Revolution or revolt?

Accounting Software Making Tax Digital: Revolution or revolt?

8m Emma Smith, Managing Editor
Making Tax Digital: Is HMRC’s recent system fault a cause for concern?

Accounting Software Making Tax Digital: Is HMRC’s recent system fault a cause for concern?

8m Emma Smith, Managing Editor
Four reasons why SME owners should switch to cloud accounting

Accounting Software Four reasons why SME owners should switch to cloud accounting

9m Emma Smith, Managing Editor