A new worm - W32.Mimail.A@mm (English Version Only)
Nov 04, 2003
Communilink has received many reports of this worm in the wild.
Description
W32.Mimail.A@mm is a worm that spreads by email and steals information from a user's machine. The email has the following characteristics:
| Variant | Subject | Attachment | Details |
| W32.Mimail.A@mm | your account [random string] | message.zip | [Click for details] |
| W32.Mimail.C@mm | Re[2]: our private photos [random string of letters] | photos.zip | [Click for details] |
| W32.Mimail.D@mm | don't be late! [random string of letters] | readnow.zip | [Click for details] |
| W32.Mimail.E@mm | don't be late! [random string of letters] | readnow.zip | [Click for details] |
Once the recipient extracts and runs the attachment, the worm creates the following files in the Windows directory:
NETWATCH.exe - a copy of the worm.
exe.tmp - a temporary copy of the worm.
zip.tmp - a temporary copy of the mail attachment (e.g. Photos.zip).
eml.tmp - a list of e-mail addresses found on the infected machine.
It also creates a startup key in the system registry:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
"NetWatch32" = C:\WINNT\NETWATCH.EXE
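A read-only host check for the files and Run key listed above, as an added example that is not part of the original advisory. Matching any Run value that points at NETWATCH.EXE, and also checking the Wow6432Node path, are assumptions that go beyond the single C:\WINNT entry shown here.

```powershell
# Added example (not from the advisory): read-only check for the Mimail
# artifacts listed above. Reports findings; deletes and changes nothing.
$windir = $env:windir          # C:\WINNT in the advisory; differs per system

# exe.tmp, zip.tmp and eml.tmp are generic names, so treat a hit on one of
# them alone as weak evidence. NETWATCH.exe is the worm's own copy.
$artifactFiles = 'NETWATCH.exe', 'exe.tmp', 'zip.tmp', 'eml.tmp'

$findings = @()
foreach ($name in $artifactFiles) {
    $path = Join-Path $windir $name
    # -Force also returns hidden and system files
    $item = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
    if ($item) {
        $findings += [pscustomobject]@{
            Type     = 'File'
            Location = $item.FullName
            Detail   = '{0} bytes, modified {1:u}' -f $item.Length, $item.LastWriteTimeUtc
        }
    }
}

# Run key from the advisory, plus the 32-bit view of it on 64-bit Windows
# (the second path is an assumption added here; skipped where it does not exist).
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
$providerProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

foreach ($key in $runKeys) {
    $values = Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue
    if (-not $values) { continue }
    foreach ($p in $values.PSObject.Properties) {
        if ($providerProps -contains $p.Name) { continue }   # provider metadata
        # Match the value name, or any autorun whose command points at NETWATCH.EXE
        if ($p.Name -eq 'NetWatch32' -or "$($p.Value)" -match 'netwatch\.exe') {
            $findings += [pscustomobject]@{
                Type = 'RunValue'; Location = $key; Detail = "$($p.Name) = $($p.Value)"
            }
        }
    }
}

if ($findings.Count -gt 0) {
    $findings | Format-Table -AutoSize -Wrap
    exit 1    # non-zero so a management tool can flag the host
}
'No Mimail artifacts from the advisory were found.'
exit 0
```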
Solution
New virus definitions are available from anti-virus vendors to detect and remove this virus.
If you do not have an anti-virus program installed, you can download one of the following removal tools to clean it.
McAfee
http://vil.nai.com/vil/stinger/
Symantec
http://securityresponse.symantec.com/avcenter/venc/data/w32.mimail.removal.tool.html
Related Link(s)
For more information, please refer to the following websites.
Information from Computer Associates
Information from F-Secure
Information from McAfee
Information from Sophos
Information from Symantec
Information from Trend Micro
News Contact
Service Hotline: (852) 2998 0808
Fax: (852) 29977800
Email: service@communilink.net