Alert! W32.Mimail.J@mm

WARNING: W32.Mimail.J@mm

Also Known As: W32/Mimail.j@MM [McAfee], WORM_MIMAIL.J [Trend], Win32.Mimail.J [Computer Associates], W32/Mimail-J [Sophos], I-Worm.Mimail.j [Kaspersky]
Threat level: Category 3, Moderate (scale of 1-5)
Type: Worm

W32.Mimail.J@mm is a mass-mailing worm that attempts to steal personal information. This worm displays a series of forms that ask users to enter their credit card information. (See the "Technical Details" for illustrations.) This information is saved and later emailed to several predetermined email addresses. This worm is similar to W32.Mimail.I@mm.

The email has the following characteristics:

From: Do_Not_Reply@xxxxxxxxxx
Subject: IMPORTANT <random string of characters>
Attachment: InfoUpdate.exe -or- www.paypal.com.pif

From Symantec
http://securityresponse.symantec.com/avcenter/venc/data/w32.mimail.j@xxxxxxx

Removal using the W32.Mimail Removal Tool
http://securityresponse.symantec.com/avcenter/venc/data/w32.mimail.removal.tool.html

Symantec Security Response has created a tool to remove W32.Mimail.J@mm, which is the easiest way to remove this threat. Read the document, W32.Mimail Removal Tool, for instructions on how to use this tool.

Panda
http://www.pandasoftware.com/virus_info/encyclopedia/overview.aspx?idvirus=41858

Computer Associates
http://www3.ca.com/virusinfo/virus.aspx?ID=37596

Trend
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MIMAIL.J

_____________________________________
Mike ~ It is a good day if I learned something new.
Editor MikesWhatsNews see ~ http://www.mwn.ca
<mikeswhatsnews-request@xxxxxxxxxxxxx?Subject=subscribe>
See my Anti-Virus pages <http://www3.telus.net/mikebike/mikes virus page.htm>
<virusinfo-request@xxxxxxxxxxxxx?Subject=subscribe>
A Technical Support Alliance Charter Member
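
The From, Subject and Attachment characteristics listed in the alert can be checked at a mail gateway. The following is an added example, not part of the original alert or of any vendor's tooling: the function names, the quarantine rule and the sample messages (example.com sender, random subject suffix, inert payload) are assumptions constructed for illustration.

```python
import email
import re
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr

# Characteristics listed in the alert (the sender domain is redacted there).
SENDER_LOCAL_PART = "do_not_reply"
SUBJECT_RE = re.compile(r"^IMPORTANT\b")
ATTACHMENT_NAMES = {"infoupdate.exe", "www.paypal.com.pif"}


def mimail_j_hits(raw_bytes):
    """Return which of the alert's characteristics a raw message matches."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    hits = set()
    local_part = parseaddr(str(msg.get("From", "")))[1].split("@")[0]
    if local_part.lower() == SENDER_LOCAL_PART:
        hits.add("from")
    if SUBJECT_RE.match(str(msg.get("Subject", "")).strip()):
        hits.add("subject")
    # Walk every MIME part so nested attachments are not missed.
    for part in msg.walk():
        name = (part.get_filename() or "").strip().lower()
        if name in ATTACHMENT_NAMES:
            hits.add("attachment")
    return hits


def should_quarantine(raw_bytes):
    """Hypothetical policy: a named attachment plus one matching header."""
    hits = mimail_j_hits(raw_bytes)
    return "attachment" in hits and len(hits) >= 2


def build_sample(sender, subject, filename):
    """Build a constructed test message; the payload is inert text."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = "user@example.org"
    msg["Subject"] = subject
    msg.set_content("constructed sample body")
    msg.add_attachment(b"inert placeholder", maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()


if __name__ == "__main__":
    sample = build_sample("Do_Not_Reply@example.com",
                          "IMPORTANT qzkxwv", "www.paypal.com.pif")
    print(sorted(mimail_j_hits(sample)), should_quarantine(sample))
```

Filename matching is case-insensitive because Windows treats InfoUpdate.EXE and InfoUpdate.exe as the same file.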