Mail worm goes on global infecting spree

Worm/MiMail.A uses a Microsoft Internet Explorer (IE) exploit that allows the executable virus it creates to run on the local computer.

The internet worm spreads through email by using addresses it collects from local files on compromised clients. The worm attacks PCs running Windows 95, Windows 98, Windows NT, Windows Me, Windows 2000 and Windows XP.

The payload is JavaScript code contained in a Zip folder called

Once activated, the worm harvests all email addresses on the computer and mails itself out. It also adds a file called VIDEODRV.EXE to the auto-run section of the registry so that it reloads every time the PC reboots.

‘Mimail’ also creates several other files in the Windows directory: EXE.TMP – an HTML worm, ZIP.TMP – an archive worm and EML.TMP – an email worm.

A patch is available from Microsoft at;en-us;330994

Steven Sundermeier, vice president of products and services at security firm Central Command, said in a statement: ‘Worm/MiMail.A is spreading globally at an alarming rate.

‘Our preliminary virus tracking report shows that US-based computer users are being the hardest hit thus far, at this time 61% of the confirmed infection reports have originated in the US.’

An alert from antivirus company Panda Software added: ‘It’s a malicious code with fast email spreading capability. In order to spread itself the worm uses two IE vulnerabilities that Microsoft released patches for some time ago.’

The worm arrives through e-mail in the following format:

Subject: your account
Hello there,
I would like to inform you about important information regarding your email address. This email address will be expiring. Please read attachment for details.

Best regards, Administrator
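
A mail administrator can turn the indicators quoted in this article into a quick triage check. The Python below is an added example, not code from the article or from any vendor named in it: it compares a raw message against the subject, body wording and Zip attachment described above, and lists files in a Windows directory whose names match the four the worm is reported to create. The function names, the sample messages and the attachment name `sample.zip` are assumptions constructed for the example.

```python
import email
import os
from email import policy
from email.message import EmailMessage

# Indicators quoted in the article
LURE_SUBJECT = "your account"
LURE_PHRASES = ("this email address will be expiring",
                "please read attachment for details")
DROPPED_FILES = {"videodrv.exe", "exe.tmp", "zip.tmp", "eml.tmp"}

def check_message(raw: bytes) -> dict:
    """Compare one raw RFC 5322 message against the lure described in the article."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    subject = str(msg["Subject"] or "").strip().lower()
    part = msg.get_body(preferencelist=("plain",))
    body = " ".join(part.get_content().lower().split()) if part else ""
    zips = [a.get_filename() for a in msg.iter_attachments()
            if (a.get_filename() or "").lower().endswith(".zip")]
    hits = {"subject": subject == LURE_SUBJECT,
            "phrases": all(p in body for p in LURE_PHRASES),
            "zip_attachment": bool(zips)}
    hits["suspicious"] = all(hits.values())
    return hits

def dropped_files_present(windows_dir: str) -> list:
    """List files in the Windows directory whose names match the article's list."""
    return sorted(n for n in os.listdir(windows_dir) if n.lower() in DROPPED_FILES)

def build_sample(lure: bool) -> bytes:
    """Constructed test message; 'sample.zip' is a placeholder attachment name."""
    m = EmailMessage()
    m["From"], m["To"] = "admin@example.com", "user@example.com"
    if lure:
        m["Subject"] = "your account"
        m.set_content("Hello there,\nI would like to inform you about important "
                      "information regarding your email address. This email address "
                      "will be expiring. Please read attachment for details.\n\n"
                      "Best regards, Administrator\n")
        m.add_attachment(b"PK\x05\x06" + bytes(18), maintype="application",
                         subtype="zip", filename="sample.zip")
    else:
        m["Subject"] = "Meeting notes"
        m.set_content("Notes from today's meeting are below.\n")
    return m.as_bytes()

if __name__ == "__main__":
    print(check_message(build_sample(True)))
    print(check_message(build_sample(False)))
```

A filename or subject match on its own is a lead for further inspection, since generic names such as EXE.TMP can belong to unrelated software.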

Anti-virus firm Kaspersky thinks the virus originated in Russia, since it closely resembles malware found last year called StartPage, which came from Russian hackers.