Mimail bug tries to convince you it was sent by the IT department
By Ina Fried
Published: 4 August 2003 04:24 GMT
A new mass-mailing virus, which disguises itself as a file sent by a computer user's network administrator, began infecting systems on Friday.
The worm, which is being dubbed ‘mimail’, attempts to exploit a vulnerability in Internet Explorer that allows a script to be executed by an infected computer. The worm then tries to use that script to mass email itself, potentially clogging mail servers or slowing down networks, according to anti-virus company Symantec.
The arrival of Mimail comes amid heightened fears that a large-scale attack on the internet could be looming. The US government warned last week that a widespread flaw in Windows could be used to generate an attack.
The email that carries the worm has “your account” in the subject line, according to Symantec, and the body reads, "Hello there, I would like to inform you about important information regarding your e-mail address. This e-mail address will be expiring. Please read attachment for details."
It is then signed "Best regards, Administrator" and contains an attachment labelled "message.zip" that carries the malicious code.
In terms of its method, the mimail bug is somewhat similar to other mass-mailing worms, said Sharon Ruckman, a senior director at Symantec Security Response. What's trickier than usual, she said, is the way the email that carries the worm tries to get people to open the attachment.
"The social engineering aspect [is] a lot more serious," Ruckman said. "You believe it was the administrator from your own domain, whether that is your company or your ISP."
Also of note, Ruckman said, is that the mass emailing code is contained in an HTML file, a type of file not normally associated with executing programs. Ruckman recommended that corporations either delete the attachments at the server level or block messages with the "your account" subject line.
As of 1:45 p.m. PST, Symantec said it had received 125 total submissions of the worm and had rated it as a threat level of 3 on a scale of 1 to 5. Ina Fried writes for CNET News.com.
SQL experience Exchange experience Symantec anti-virus experience My client who are emergency services are currently seeking an exceptional Systems ...
Experience of Sharepoint and MOS versions 2003+ Symantec Anti-Virus +Logging and monitoring applications This excellent opportunity has arisen due my ...
Tivoli Enterprise Manager, Enterprise Security Manager, Tivoli Storage Manager, Symantec Anti-Virus and MSUS/BigFix etc. Data Backup, Replication and ...
Agenda Setters 2009
Welcome to the ninth annual Agenda Setters poll – silicon.com's list of the top 50 most influential individuals in the technology and IT industries, from techies and CIOs to entrepreneurs and business leaders. Find out more in our latest special report.
Stories from the web...
Copyright © 2008 CBS Interactive Limited. All rights reserved. Top of page
Digg
Slashdot
Del.icio.us
Stumble
Reddit
RSS Feeds
Peter Cochrane Peter Cochrane's Blog: How the telcos could save themselves Doomed network operators could thrive with a bit of innovation
Peter Cochrane Peter Cochrane's Blog: Facebook saves teen from prison Another unexpected impact of social networking