New Windows Worm on the MoveBy Dennis Fisher | Posted 2003-10-31 Email Print
Re-Thinking HR: What Every CIO Needs to Know About Tomorrow's Workforce
The Mimail.C mass-mailing wormwhich bites Windows systemsis programmed to launch a denial-of-service attack against two domain names.
Antivirus experts are warning of a new mass-mailing worm infecting Windows machines that also is programmed to launch a denial-of-service attack against two domain names. The new pest is called Mimail.C, and it conforms to just about every convention of the mass-mailing virus rulebook.
The worm first appeared Friday morning and is spreading somewhat slowly at this point, although it has the potential to infect a large number of PCs, experts say. Mimail.C arrives via e-mail and has a subject line of: "Re: our private photos." The sender's name is spoofed and often appears to come from the same domain as the recipient. The body of the message reads as follows:
Finally i've found possibility to right u, my lovely girl :)
All our photos which i've made at the beach (even when u're without ur
photos are great! This evening i'll come and we'll make the best SEX :)
Right now enjoy the photos.
(plus some random characters)
The zipped attachment contains the infected file. Once it executes, the worm mails copies of itself to all of the addresses in the user's Outlook address book and other locations on the hard drive. It also copies itself to the Windows directory as Netwatch.exe, according to an analysis of the worm by Symantec Corp., based in Cupertino, Calif. Mimail.C also makes repeated checks of some specific application windows, looking for sensitive information. Anything it finds is copied to a file it creates called C:\TMPE.TMP and then sent to two e-mail addresses that are found in the worm's code.
The worm is also capable of directing a DoS attack against www.darkprofits.com and www.darkprofits.net.