**HeadsUp** Mimail.D

  1. #1 The Doctor Und3ertak3r (Join Date: Apr 2002, Posts: 2,744)

    **HeadsUp** Mimail.D

    I would recommend also reading the following thread. Found Here

    This Heads up is posted due to the severity rating being Cat 3.

    This information is from Symantec, found Here
    Description:
    W32.Mimail.D@mm is a variant of W32.Mimail.C@mm that spreads by email. It is packed with UPX.

    The email has the following characteristics:

    Subject: don't be late! [random string of letters]
    Attachment: readnow.zip
    Technical details: (part of)
    Payload:
    Large scale e-mailing: Sends email messages using its own SMTP engine
    Causes system instability: Sends data to fethard.biz and fethard-finance.com in an attempt to perform a Denial Of Service
    Distribution

    Subject of email: don't be late! [random string of letters]
    Name of attachment: readnow.zip
    Size of attachment: 10,912


    When W32.Mimail.D@mm is executed, it does the following:


    Copies itself as %Windir%\cnfrm.exe.


    --------------------------------------------------------------------------------
    Note: %Windir% is a variable. The worm locates the Windows installation folder (by default, this is C:\Windows or C:\Winnt) and copies itself to that location.
    --------------------------------------------------------------------------------


    Adds the value:

    "Cnfrm" = "%Windir%\cnfrm.exe"

    to the registry key:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

    AKA and Variants
    W32/Mimail@mm [McAfee] W32.Mimail.A@mm, W32.Mimail.C@mm


    BTW: I think I have unwittingly classified this Worm as Spam on my mail system... and have manually deleted the crud from the ISP's Server.
    "Consumer technology now exceeds the average persons ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr

  2. #2 Senior Member (Join Date: Sep 2003, Posts: 279)
    thanks for the heads up

  3. #3 The Doctor Und3ertak3r (Join Date: Apr 2002, Posts: 2,744)
    And another variant:

    Version E: link to Symantec's info page

    http://securityresponse.symantec.com...mail.e@mm.html

    W32.Mimail.E@mm is a variant of W32.Mimail.D@mm that spreads by email. It is packed with UPX.

    The email has the following characteristics:

    Subject: don't be late! [random string of letters]
    Attachment: readnow.zip
    Cheers

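The first post mentions that the worm's mail was caught as spam by the poster's own filter, and post #3 notes that variant E carries the same subject and attachment as D. The following script is an added example (not code from the thread, from AntiOnline or from Symantec) showing how a mail-gateway or host-inventory check would encode the indicators quoted above: the "don't be late! [random letters]" subject, the readnow.zip attachment with its quoted 10,912-byte size, and the "Cnfrm" autorun value pointing at %Windir%\cnfrm.exe. The function names, the sample messages and the sample registry data are all constructed for this example; the indicator values themselves are the ones quoted in the posts.

```python
"""Detection helpers for the Mimail.D/E indicators quoted in this thread.

Two defensive checks (example code, not the thread's or Symantec's):
  1. flag_mimail_mail()        - inspects one raw RFC 822 message for the
     worm's e-mail fingerprint: subject "don't be late! <random letters>"
     plus a readnow.zip attachment.
  2. flag_mimail_persistence() - inspects a dict of Run-key values, as a
     host inventory tool might collect them, for the "Cnfrm" autorun entry.
All sample messages and registry data below are constructed.
"""
import re
from email import message_from_bytes
from email.message import Message

# Indicators quoted in the advisory text above.
SUBJECT_RE = re.compile(r"^don't be late!\s*[A-Za-z]*\s*$")
ATTACHMENT_NAME = "readnow.zip"
ATTACHMENT_SIZE = 10_912          # attachment size (bytes) quoted in post #1
RUN_VALUE_NAME = "Cnfrm"          # value name under HKLM\...\CurrentVersion\Run


def _attachments(msg: Message):
    """Yield (filename, decoded_payload_bytes) for every attachment part."""
    for part in msg.walk():
        if part.get_content_maintype() == "multipart":
            continue
        name = part.get_filename()
        if name:
            yield name, part.get_payload(decode=True) or b""


def flag_mimail_mail(raw: bytes) -> dict:
    """Return a verdict dict for one raw message.

    'match' is True only when both the subject pattern and the attachment
    name agree. 'size_ok' records whether the attachment size matches the
    advisory; it is reported separately rather than required, because a
    repacked variant keeps the lure but changes the size.
    """
    msg = message_from_bytes(raw)
    subject = (msg.get("Subject") or "").strip()
    subject_hit = bool(SUBJECT_RE.match(subject))
    attach_hit = False
    size_ok = False
    for name, payload in _attachments(msg):
        if name.lower() == ATTACHMENT_NAME:
            attach_hit = True
            size_ok = len(payload) == ATTACHMENT_SIZE
    return {
        "subject": subject,
        "subject_hit": subject_hit,
        "attachment_hit": attach_hit,
        "size_ok": size_ok,
        "match": subject_hit and attach_hit,
    }


def flag_mimail_persistence(run_values: dict) -> bool:
    """True if the collected Run-key values contain the worm's autorun entry.

    Registry value names are case-insensitive, and %Windir% may already be
    expanded by the collector, so only the trailing "\\cnfrm.exe" is compared.
    """
    for name, data in run_values.items():
        if name.lower() == RUN_VALUE_NAME.lower() and data.lower().endswith(r"\cnfrm.exe"):
            return True
    return False


# Constructed sample messages (not real captures).
WORM_MAIL = b"""\
From: someone@example.invalid
To: victim@example.invalid
Subject: don't be late! qxzt
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

see attachment
--b1
Content-Type: application/zip; name="readnow.zip"
Content-Disposition: attachment; filename="readnow.zip"
Content-Transfer-Encoding: base64

UEsDBAo=
--b1--
"""

BENIGN_MAIL = b"""\
From: friend@example.invalid
To: victim@example.invalid
Subject: don't be late!

Meeting is at 9.
"""

if __name__ == "__main__":
    print(flag_mimail_mail(WORM_MAIL))      # match True, size_ok False (tiny stub zip)
    print(flag_mimail_mail(BENIGN_MAIL))    # subject_hit True, match False
    print(flag_mimail_persistence({"Cnfrm": r"C:\WINDOWS\cnfrm.exe"}))  # True
```

The benign sample shows why the subject alone is a poor rule: a human can legitimately write "don't be late!", so the verdict requires the attachment name as well, and the size is only recorded for the analyst.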
  4. #4 gore (AO BOFH: Luser Abuser, Moderator; Join Date: Oct 2002, Location: Michigan, Posts: 7,177)
    Oh no! A virii! Wait.... *looks at Boxes* Oh, they're all *NIX except for one that isn't even on... *wipes forehead* Whew! That was close! Glad that's over!

    lol, Yea I had too. This is just getting pathetic, is there some virii competition going on that I was not informed of? Seems to be a new one every week. And anything that makes Windows crash like these......Is usually installed by default Buahahahahaha.
    "Kill the lights, let the candles burn behind the pumpkins' mischievous grins, and let the skeletons dance. For one thing is certain, The Misfits have returned and once again everyday is Halloween." - The Misfits
    FreeBSD
    Cannibal Holocaust
    SuSE Linux
    Slackware Linux
