|
-
August 1st, 2003, 07:59 PM
#1
W32.Mimail.A@mm - Just came out 8/1/03
Our mail servers just got bombarded with this worm. Symantec is not certain about the exact payload at this time so keep your eyes open for a signature update very soon.
http://[email protected]
Symantec Security Response is currently analyzing a new worm which spreads via email. The email will have the following characteristics:
Subject: your account %s
Attachment: message.zip
Note: %s refers to a variable string.
This worm attempts to exploit a vulnerability in Internet Explorer which allows a script to execute in the Local computer. Previously it was reported that this vulnerability was addressed by a Microsoft patch, but this undetermined at this time. For additional information please see http://www.securityfocus.com/bid/6961.
The worm is UPX packed.
Additional information will be provided as analysis continues.
Virus definitions with a version number of 50801r, also known as August 1, 2003 rev 18, or greater will detect this threat.
Also Known As: WORM_MIMAIL.A [Trend], W32/Mimail@MM [McAfee], Win32.Mimail.A [CA]
Type: Worm
Infection Length: approximately 16kb
Systems Affected: Windows 95, Windows 98, Windows NT, Windows 2000, Windows XP, Windows Me
Systems Not Affected: Macintosh, OS/2, UNIX, Linux
If you have Norton AV, you can download the signature update via the normal live update process or you can manually grab them here:
http://securityresponse.symantec.com....download.html
Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden
-
August 1st, 2003, 09:22 PM
#2
Member
The X-Force alert for this worm can be found @ http://xforce.iss.net/xforce/alerts/id/149
-
August 1st, 2003, 10:51 PM
#3
Symantec just posted a removal tool.
MIMAIL Removal
Cheers:
-
August 1st, 2003, 10:58 PM
#4
th3horse,
I apologize to you and to the rest of the community if i've been a pain or rude in any way. I'm here for the same reason as you. I hope that u accept my apology and that we could co-operate and be more productive in future posts.
Sincerely,
Cybr1d
-
August 2nd, 2003, 12:06 AM
#5
Apology accepted, provided you read the site FAQ and adhere to its contents.
--TH13
Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden
-
August 2nd, 2003, 12:19 AM
#6
BUgger.. slept in.. and .. I have a mess to cleanup..Mimail.. in customers machines.. mind Symantec did take their sweet time.. I think Trend/McAfee had this listed days ago.. Null posted a warning.. but crap Symantec have it listed at Cat 3... [jk]and worse .. I missed posting a warning..[/jk]
Cheers
"Consumer technology now exceeds the average persons ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr
-
August 2nd, 2003, 11:55 PM
#7
Member
Und3ertak3r my man you have missed posting a virus warning! By the way how exactly do you do post these warnings so damn fast  ??!!!
Thnx horse for the warning!
(don't worry cybr1d you're doing just fine)
BD]Hobbit
-
August 3rd, 2003, 11:04 AM
#8
Timezone.....
Well that is my main excuse.. But it is because the ones who used to post the Head Up have moved on..and I now have some company.. so My name should be becoming rare in this thread..Yes?
Cheers
"Consumer technology now exceeds the average persons ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
Reply With Quote
