Internet Security Systems Security Alert
August 1, 2003

"Mimail" Mass-Email Worm Propagation

Synopsis:

ISS X-Force has detected the spread of a mass-emailing worm named
"Mimail". The Mimail worm is currently propagating aggressively across the
Internet. Mimail takes advantage of a vulnerability in Internet Explorer
to hide an executable program within what appears to be a benign HTML file
delivered to recipients via email.

Impact:

The executable payload of the worm is hidden within a HTML file that is
delivered in a compressed ZIP archive. Many Internet users believe that
HTML files are not dangerous. The Mimail worm was designed specifically to
appear to be benign, and to execute via a flaw in Internet Explorer.
Viruses or worms that propagate by exploiting flaws in software are
particularly dangerous, and they generally propagate more effectively.

http://xforce.iss.net/xforce/alerts/id/149