August 1st, 2003, 06:59 PM
Mimail Worm: Block "message.zip" Attachment
The Mimail worm is spreading as we speak and is being ranked Medium to High by the antivirus vendors. The file attachment associated is "message.zip".
Many mail servers allow ZIP attachments, but the recommendation on the street right now is to block the specific file attachment named "message.zip" until the antivirus vendors catch up and release detection for this threat.
Here is some info from the McAfee AVERT site:
McAfee customers are proactively protected from this threat using the 4272 DAT files (or higher) and 4.1.60+ scan engine. When scanning compressed archives is enabled, the email attachment associated with this threat is detected as Exploit-Codebase.
This malware bears similarities to Downloader-DK, which was spammed several days ago. This threat may have also been spammed. It is received as an email attachment as follows.
Subject: your account %user%
I would like to inform you about important information regarding your email address. This email address will be expiring. Please read attachment for details.
--- Best regards, Administrator