hackfix-virusnews: Alert! W32.Mimail.J@mm

  • From: "Mike" <mikebike@xxxxxxxxx>
  • To: hackfix-virusnews@xxxxxxxxxxxxx
  • Date: Tue, 18 Nov 2003 21:30:29 -0800


 
Alert! W32.Mimail.J@mm 


WARNING:             W32.Mimail.J@mm
Also Known As:  W32/Mimail.j@MM [McAfee], WORM_MIMAIL.J [Trend], 
Win32.Mimail.J [Computer Associates], W32/Mimail-J [Sophos], I-Worm.Mimail.j
[Kaspersky] 


Threat level:        Category 3, Moderate (scale of 1-5)
Type:                Worm
W32.Mimail.J@mm is a mass-mailing worm that attempts to steal personal
information. This worm displays a series of forms that ask users to enter
their credit card information. (See the "Technical Details" for
illustrations.) This information is saved and later emailed to several
predetermined email addresses. 

This worm is similar to W32.Mimail.I@mm.

The email has the following characteristics:

From: Do_Not_Reply@xxxxxxxxxx
Subject: IMPORTANT  <random string of characters>
Attachment: InfoUpdate.exe -or- 
www.paypal.com.pif

   
From Symantec
http://securityresponse.symantec.com/avcenter/venc/data/w32.mimail.j@xxxxxxx

Removal using the W32.Mimail Removal Tool
http://securityresponse.symantec.com/avcenter/venc/data/w32.mimail.removal.to
ol.html
Symantec Security Response has created a tool to remove W32.Mimail.J@mm, 
which is the easiest way to remove this threat. Read the document, 
W32.Mimail Removal Tool, for instructions on how to use this tool.

Panda;
http://www.pandasoftware.com/virus_info/encyclopedia/overview.aspx?idvirus=41
858

Computer Associates
http://www3.ca.com/virusinfo/virus.aspx?ID=37596

Trend
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MIMAIL.J

_____________________________________


Mike ~ It is a good day if I learned something new.
Editor MikesWhatsNews see ~ http://www.mwn.ca 
<mikeswhatsnews-request@xxxxxxxxxxxxx?Subject=subscribe>
See my Anti-Virus pages
<http://www3.telus.net/mikebike/mikes virus page.htm>
<virusinfo-request@xxxxxxxxxxxxx?Subject=subscribe>
A Technical Support Alliance Charter Member



~*~*~*~*~
To unsubscribe from our list send an email 
to hackfix-virusnews-request@xxxxxxxxxxxxx?Subject=unsubscribe.

For a complete list of email commands for our list send 
an email to ecartis@xxxxxxxxxxxxx with a subject line of 
"info hackfix-virusnews" without the quotes.
~*~*~*~*~

Other related posts:

  • » hackfix-virusnews: Alert! W32.Mimail.J@mm
  1. Home
  2. hackfix-virusnews
  3. Archive
  4. 11-2003