eWEEK content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.
Discuss This in the eWEEK Forum
Antivirus experts are warning of a new mass-mailing worm infecting Windows machines that also is programmed to launch a denial-of-service attack against two domain names. The new pest is called Mimail.C, and it conforms to just about every convention of the mass-mailing virus rulebook.
The worm first appeared Friday morning and is spreading somewhat slowly at this point, although it has the potential to infect a large number of PCs, experts say. Mimail.C arrives via e-mail and has a subject line of: “Re[2]: our private photos.” The senders name is spoofed and often appears to come from the same domain as the recipient. The body of the message reads as follows:
Hello Dear!,
Finally ive found possibility to right u, my lovely girl :)
All our photos which ive made at the beach (even when ure without ur
bh:))
photos are great! This evening ill come and well make the best SEX :)
Right now enjoy the photos.
Kiss, James.
(plus some random characters)
Attachment:
photos.zip
The zipped attachment contains the infected file. Once it executes, the worm mails copies of itself to all of the addresses in the users Outlook address book and other locations on the hard drive. It also copies itself to the Windows directory as Netwatch.exe, according to an analysis of the worm by Symantec Corp., based in Cupertino, Calif. Mimail.C also makes repeated checks of some specific application windows, looking for sensitive information. Anything it finds is copied to a file it creates called C:TMPE.TMP and then sent to two e-mail addresses that are found in the worms code.
The worm is also capable of directing a DoS attack against www.darkprofits.com and www.darkprofits.net.
Discuss This in the eWEEK Forum