New e-mail worm attacks via old breach



A new e-mail virus, Mimail, is spreading on the internet.

Mimail is a mass-mailing e-mail worm that arrives in e-mail in-boxes disguised as an administrative e-mail sent from an organisation's own administrator.

Anti-virus firm MessageLabs has given the worm a high risk rating after intercepting more than 40,000 infected e-mails in 88 countries since Mimail was first detected on 1 August.

It is similar to other worms such as Klez and Yaha, entering systems via in Internet Explorer.  Messages use the subject "Your Account" and contain the virus in an executable attachment called "".

When released, the Mimail virus captures e-mail addresses from a user's hard drive and sends copies of itself out to recipients using a built-in SMTP (Simple Mail Transfer Protocol) engine.

Most anti-virus companies have rated the new worm a "medium"-level threat, indicating that the worm was infecting customer sites and spreading.

Vincent Gullotto, senior director at Network Associates' McAfee AVERT Labs, said, "The initial numbers look like people are getting hit pretty hard."

However, the large number of reports about Mimail may just be evidence of a spam-like initial distribution, or "seeding" of the virus, he added, making Mimail similar to another recent e-mail containing a malicious program, Downloader-DI.

That virus set up a secret back door on infected machines and downloaded instructions from a hacker website.

"The rapid spread of Mimail is a good reminder that dangerous programs are not only found in EXE files," said Eugene Kaspersky, founder of Kaspersky Labs and head of anti-virus research.

According to Gullotto, Mimail's spread could be because of its ability to mask itself as an internal administrative message, tricking users into trusting the message.

In addition, Mimail's malicious code is embedded in a compressed format file, making it difficult for some gateway antivirus products to detect the attack.

While it appears Mimail steals e-mail addresses and sends copies of itself out to unsuspecting users, McAfee AVERT is still studying the virus for other malicious activities such as installing Trojan programs that could allow malicious hackers to gain access to the machine at a later date.
