W32.Mimail.A@mm - Just came out 8/1/03

  1. #1
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,884

    W32.Mimail.A@mm - Just came out 8/1/03

    Our mail servers just got bombarded with this worm. Symantec is not certain about the exact payload at this time so keep your eyes open for a signature update very soon.


    http://securityresponse.symantec.com...mail.a@mm.html

    Symantec Security Response is currently analyzing a new worm which spreads via email. The email will have the following characteristics:

    Subject: your account %s
    Attachment: message.zip

    Note: %s refers to a variable string.

    This worm attempts to exploit a vulnerability in Internet Explorer which allows a script to execute in the Local computer. Previously it was reported that this vulnerability was addressed by a Microsoft patch, but this is undetermined at this time. For additional information please see http://www.securityfocus.com/bid/6961.

    The worm is UPX packed.

    Additional information will be provided as analysis continues.

    Virus definitions with a version number of 50801r, also known as August 1, 2003 rev 18, or greater will detect this threat.


    Also Known As: WORM_MIMAIL.A [Trend], W32/Mimail@MM [McAfee], Win32.Mimail.A [CA]

    Type: Worm
    Infection Length: approximately 16kb



    Systems Affected: Windows 95, Windows 98, Windows NT, Windows 2000, Windows XP, Windows Me
    Systems Not Affected: Macintosh, OS/2, UNIX, Linux

    If you have Norton AV, you can download the signature update via the normal live update process or you can manually grab them here:
    http://securityresponse.symantec.com....download.html
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden
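
A mail-gateway check for the two characteristics quoted in the post above (subject "your account %s", attachment message.zip), as an added example that is not part of the original post or of Symantec's advisory. The function names and the sample messages are constructed for illustration; a header match like this is a stopgap until signature updates are deployed, not a replacement for them.

```python
import email
from email import policy
from email.message import EmailMessage

SUBJECT_PREFIX = "your account"   # advisory: "Subject: your account %s"
ATTACHMENT_NAME = "message.zip"   # advisory: "Attachment: message.zip"


def attachment_names(msg):
    """Lower-cased filenames of every MIME part that declares one."""
    names = []
    for part in msg.walk():          # walks nested multiparts as well
        fname = part.get_filename()
        if fname:
            names.append(fname.strip().lower())
    return names


def matches_mimail_a(raw_bytes):
    """True only if BOTH advisory characteristics are present."""
    # policy.default decodes RFC 2047 encoded-word subjects before comparison
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    subject = str(msg["Subject"] or "").strip().lower()
    return (subject.startswith(SUBJECT_PREFIX)
            and ATTACHMENT_NAME in attachment_names(msg))


def build_sample(subject, filename):
    """Constructed test message; the payload is inert placeholder bytes."""
    m = EmailMessage()
    m["From"] = "admin@example.com"
    m["To"] = "user@example.com"
    m["Subject"] = subject
    m.set_content("constructed sample body")
    m.add_attachment(b"constructed placeholder, not an archive",
                     maintype="application", subtype="zip",
                     filename=filename)
    return m.as_bytes()


if __name__ == "__main__":
    samples = [("your account abcdefg", "message.zip"),
               ("your account abcdefg", "invoice.zip"),
               ("meeting notes", "message.zip")]
    for subj, fname in samples:
        verdict = matches_mimail_a(build_sample(subj, fname))
        print(f"{subj!r:28} {fname:14} quarantine={verdict}")
```

Requiring both conditions keeps ordinary mail that merely carries a file called message.zip, or a subject starting with "your account", out of quarantine.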

  2. #2
    Member
    Join Date
    Nov 2002
    Posts
    32
    The X-Force alert for this worm can be found @ http://xforce.iss.net/xforce/alerts/id/149
    ISS you are the best http://www.issadvisor.com/images/personal/pisson.gif because you piss on the rest

    www.issadvisor.com

  3. #3
    I'd rather be fishing DjM's Avatar
    Join Date
    Aug 2001
    Location
    The Great White North
    Posts
    1,867
    Symantec just posted a removal tool.

    MIMAIL Removal


    Cheers:
    DjM

  4. #4
    HeadShot Master N1nja Cybr1d's Avatar
    Join Date
    Jul 2003
    Location
    Boston, MA
    Posts
    1,840
    th3horse,

    I apologize to you and to the rest of the community if I've been a pain or rude in any way. I'm here for the same reason as you. I hope that you accept my apology and that we could co-operate and be more productive in future posts.

    Sincerely,

    Cybr1d

  5. #5
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,884
    Apology accepted, provided you read the site FAQ and adhere to its contents.

    --TH13

  6. #6
    The Doctor Und3ertak3r's Avatar
    Join Date
    Apr 2002
    Posts
    2,743
    Bugger.. slept in.. and.. I have a mess to clean up.. Mimail.. in customers' machines.. mind, Symantec did take their sweet time.. I think Trend/McAfee had this listed days ago.. Null posted a warning.. but crap, Symantec have it listed at Cat 3... [jk]and worse.. I missed posting a warning..[/jk]

    Cheers
    "Consumer technology now exceeds the average person's ability to comprehend how to use it.. give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr

  7. #7
    Member
    Join Date
    Jul 2003
    Posts
    80
    Und3ertak3r my man, you have missed posting a virus warning! By the way, how exactly do you post these warnings so damn fast ??!!!

    Thnx horse for the warning!

    (don't worry cybr1d you're doing just fine)

    BD]Hobbit
    You need people of intelligence on this sort of quest...

  8. #8
    The Doctor Und3ertak3r's Avatar
    Join Date
    Apr 2002
    Posts
    2,743
    Timezone.....

    Well that is my main excuse.. But it is because the ones who used to post the Heads Up have moved on.. and I now have some company.. so my name should be becoming rare in this thread.. Yes?

    Cheers
