
W32/Mimail.C@mm

Threat risk:
Medium

Detection files published:
31 Oct 2003
Description created:
2003-11-01
Description updated:
2003-11-01

Malware type:
Worm
Alias:
W32/Bics.A
Spreading mechanism:
Email

Payload:
Denial-of-service attack

Summary

This is an email worm in the Mimail family. File size is 12832 bytes.

Spreading description

Email characteristics:

Subject: Re[2]: our private photos (+ random letters)
Body: Hello Dear!,

Finally i’ve found possibility to right u, my lovely girl :)
All our photos which i’ve made at the beach (even when u’re without ur bh :))
photos are great! This evening i’ll come and we’ll make the best SEX:)

Right now enjoy the photos.
Kiss, James.

(+ random letters)
Attachment: photos.zip (containing photos.jpg.exe)
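
Added example (not part of Norman's original description): a mail-gateway style check in Python for the characteristics listed above. It flags the subject prefix and, generalising beyond photos.jpg.exe, any zip attachment member with a deceptive double extension. The extension lists and function names are assumptions made for this example, and the sample message is constructed with harmless placeholder bytes.

```python
import io
import re
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Indicator taken from the description above; the worm appends random letters.
SUBJECT_PREFIX = "Re[2]: our private photos"
# Assumed extension lists: a document-looking extension followed by an executable one.
DOUBLE_EXT = re.compile(r"\.(jpe?g|gif|png|bmp|txt|doc|pdf)\.(exe|scr|pif|com|bat|cmd)$", re.I)


def scan_message(raw: bytes) -> list:
    """Return a list of findings for one raw RFC 822 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    if str(msg["Subject"] or "").startswith(SUBJECT_PREFIX):
        findings.append("subject matches Mimail.C pattern")
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if not name.lower().endswith(".zip"):
            continue
        try:
            with zipfile.ZipFile(io.BytesIO(part.get_payload(decode=True) or b"")) as zf:
                members = zf.namelist()
        except zipfile.BadZipFile:
            findings.append(f"{name}: unreadable zip")
            continue
        for member in members:
            if DOUBLE_EXT.search(member):
                findings.append(f"{name} contains {member}: deceptive double extension")
    return findings


def build_sample(subject: str, member: str) -> bytes:
    """Constructed test message; the zip member holds placeholder bytes only."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, b"placeholder, not an executable")
    msg = EmailMessage()
    msg["Subject"] = subject
    msg.set_content("constructed sample body")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="photos.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    for line in scan_message(build_sample("Re[2]: our private photos qzkfw", "photos.jpg.exe")):
        print(line)
```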

This worm is quite similar to the Mimail.A email worm, except that it does not use any security vulnerabilities to execute.

When run, it copies itself to the Windows directory and installs itself in the registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run NetWatch32 = [WINDIR]\netwatch.exe

Threat description

The worm attempts to perform a denial-of-service attack against a set of addresses belonging to darkprofits.com.

Removal

General information about removal of malicious software

Norman's antivirus products are in general able to remove all malicious software that is detected.
Some malware, however, uses techniques that the general product does not remove sufficiently. We have therefore developed the free product Norman Malware Cleaner. Please use the latest version of this program from the link below if your Norman antivirus is unable to clean up the infection.

Title:
Stopping network share infectors
Cleaning of back-up folders on Windows Me and XP