Security researchers are continuing to analyze a new worm that began spreading rapidly through e-mail systems worldwide earlier today.
Known as W32.Mimail.A, the worm attempts to exploit a vulnerability in Internet Explorer that allows a scripting on a users computer. Researchers at Symantecs security response center rated the worms damage capabilities as “low” though they said the worm is being widely distributed and that not all of its attributes are yet known.
Mimail.A arrives as a zipped file named “message.zip” in an e-mail with the subject line “your account.” The message, which often appears to come from an administrative account within the users domain, includes the message “Hello there, I would like to inform you about important information regarding your email address. This email address will be expiring. Please read attachment for details. Best regards, Administrator.”
Read Microsofts response
to this new worm.
“The creators of threats like Mimail continually look for ways to trick the average computer user into launching their malware surprises,” said Ian Hameroff, security strategist at Computer Associates International Inc. in Islandia, N.Y. “As such, all users need to keep a constant guard up against these tactics, taking a moment to validate the authenticity of any e-mail with an attachment. Its like the cyber equivalent of looking both ways before crossing the road.”
If the worm is launched, the malware copies itself to %Windir%videodrv.exe, amends the registry and runs when Widows is restarted. Mimail uses its own SMTP server to propagate further, security experts said.
The Mimail.A file is approximately 16KB and affects systems running Microsoft Windows 95, Windows 98, Windows NT, Windows 2000, Windows XP and Windows Me.
Researchers at Trend Micro, who rated Mimail a “medium” risk, published manual removal instructions for infected users available here.