Security Firms Raise Threat Assessment Of Mimail.C
A self-mailing worm spread at such a rapid clip Friday that several security firms raised their threat assessments to alert users of the danger.
The worm, pegged as Mimail.C by most antivirus vendors, was discovered just after midnight Friday and is a variation of similar malicious code launched in August. That trend--one successful worm tweaked to create another--is nothing new; the most notable example has been a series of worms dubbed as Sobig, whose latest incarnation last struck in August and September.
Like its predecessor, Mimail.C attempts to steal confidential information from compromised machines and send the harvested data to predetermined E-mail addresses. The actual Windows applications it pickpockets are still under investigation, says Craig Schmugar, a virus research engineer at Network Associates Inc.
The worm is also coded to perform denial-of-service attacks against a pair of Web sites, Darkprofits.com and Darkprofits.net.
Mimail.C disguises its worm payload in a .zip file labeled as PHOTOS.ZIP and tries to trick users into opening the message and launching the file by spoofing the sender address as originating from the user's own domain and using a subject heading of "Re: our private photos."
