
W32/Mimail.E@mm

Threat risk: medium

Detection files published: 1 Nov 2003
Description created: 2003-11-01
Description updated: 2003-11-01

Malware type: Worm
Alias:
Spreading mechanism: Email

Payload: Performs denial-of-service attack

Summary

This is an email worm in the Mimail family. File size is 10784 bytes.

Spreading description

Email characteristics:

Subject: don't be late! + (random letters)
Body: Will meet tonight as we agreed, because on Wednesday I don’t think I’ll make it, so don’t be late. And yes, by the way here is the file you asked for.
It’s all written there. See you.

(+ random letters)
Attachment: readnow.zip (containing readnow.doc.scr)

This worm is very similar to the Mimail.C email worm.

When run, the worm copies itself to the Windows directory and installs itself in the registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run Cnfrm32 = [WINDIR]cnfrm.exe
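
The email characteristics listed above can be turned into a mail-filter check. The following Python sketch is an added example, not part of the original description or of any Norman product; the function names, the indicator labels and the generic double-extension rule (which goes beyond the single file name given above) are assumptions, and the sample message is constructed with placeholder content.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

SUBJECT_PREFIX = "don't be late!"   # from the description; random letters follow it
ZIP_NAME = "readnow.zip"            # attachment name from the description
INNER_NAME = "readnow.doc.scr"      # archive member named in the description
EXECUTABLE_EXTS = (".scr", ".exe", ".pif", ".com", ".bat")  # assumption: generic rule

def mimail_e_indicators(raw: bytes) -> list[str]:
    """Return the Mimail.E email indicators found in a raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    subject = (msg["Subject"] or "").replace("\u2019", "'").lower()
    if subject.startswith(SUBJECT_PREFIX):
        hits.append("subject")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name == ZIP_NAME:
            hits.append("attachment-name")
        if not name.endswith(".zip"):
            continue
        try:
            with zipfile.ZipFile(io.BytesIO(part.get_payload(decode=True))) as zf:
                members = [m.lower() for m in zf.namelist()]
        except zipfile.BadZipFile:
            hits.append("unreadable-zip")
            continue
        if INNER_NAME in members:
            hits.append("inner-file")
        # Document-looking name whose final extension is executable.
        if any(m.endswith(EXECUTABLE_EXTS) and m.count(".") >= 2 for m in members):
            hits.append("double-extension")
    return hits

def build_sample(subject: str, zip_name: str, inner: str) -> bytes:
    """Constructed test message; the archive member holds placeholder text only."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(inner, "placeholder, not executable content")
    msg = EmailMessage()
    msg["Subject"] = subject
    msg["To"] = "user@example.invalid"
    msg.set_content("Will meet tonight as we agreed ...")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename=zip_name)
    return msg.as_bytes()
```
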

Threat description

Similar to the Mimail.C worm, this variant performs a denial-of-service attack.

Targets are:

www.spamcop.net
www.spamhaus.org
www.spews.org

Removal

General information about removal of malicious software

Norman's antivirus products are in general able to remove all malicious software that is detected.
Some malware, however, uses techniques that the general product does not remove sufficiently. We have therefore developed the free product Norman Malware Cleaner. Please use the latest version of this program from the link below if your Norman antivirus is unable to clean up the infection.

Usage Title Comment
  Stopping network share infectors  
  Cleaning of back-up folders on Windows Me and XP