Guess What? Another PC Virus Is Here

in General Discussion edited January 2014
Mimail Worm Spawns Variants

New versions of the e-mail worm take aim at antispam Web sites.

Paul Roberts, IDG News Service

Monday, November 03, 2003

New versions of the Mimail e-mail worm are circulating on the Internet, according to alerts issued Monday from leading antivirus software companies.

The new variants are similar to a version of the worm that appeared last week, Mimail.C, and contain instructions to launch distributed denial of service (DDoS) attacks against a number of antispam and e-commerce Web sites, according to alerts posted by Sophos, Symantec, and others.

The new variations, dubbed Mimail.E, Mimail.F, and Mimail.H all spread using e-mail messages taken from the hard drives of computers the worm infects, Sophos said.

Like other mass-mailing worms, Mimail targets machines running Microsoft's Windows operating system and alters the Windows configuration on those machines it infects to ensure that the worm runs automatically whenever Windows starts, Sophos said.

Lengthy History

The worm first appeared in August and tricked users by appearing to come from an administrator from their own Web domain.

On Friday, another variant of Mimail, Mimail.C, also began spreading and infecting machines worldwide.

The new worm variants have a different subject line and message body than either of the earlier versions of Mimail, according to Sophos.

They also expand the list of Web sites targeted for DDoS attacks, adding prominent spam blacklist sites such as and to the list of targets, as well as e-commerce sites such as, Sophos said.

While some of the target sites were unreachable on Monday, most continued to operate, due in part to the low infection rate of the new variants, according to Chris Belthoff, senior security analyst at Sophos.

Sophos first detected the new variants over the weekend, Belthoff says.

Similar Story

Though they are different from the first Mimail worm and the Mimail.C variant, the new Mimail variants are similar to each other, Belthoff says.

All the new variants are transmitted in an e-mail file attachment named Users who open the compressed ZIP file find the worm program, which they must also click on to decompress and run the program, infecting their computer, he says.

The new variants also come in e-mail messages with the same subject line, "don't be late!" and a similar message body that reads, in part: "Will meet tonight as we agreed, because on Wednesday I don't think i'll make it, so don't be late."

The new worm versions "don't show a lot of imagination," according to Belthoff.

Even without antivirus software, users could filter messages based on the attachment name or the subject line and be confident of stopping the new Mimail varieties, he says.

The simple structure of the worm and the seemingly random list of target Web sites may be evidence that the latest Mimail versions are "me too" copies, spun off from the recent Mimail.C worm by unsophisticated virus writers, Belthoff says.

Sophos and Symantec each posted updated virus definitions of the new variants, as well as instructions on removing Mimail from systems that have been infected.


  • Reply 1 of 6
    defiantdefiant Posts: 4,876member
    Guess what? We're still a mac forum.
  • Reply 2 of 6

    Originally posted by Defiant

    Guess what? We're still a mac forum.

    And, yet, this is very important news for the number of us who work in heterogeneous computing environments. Remember, we're just 5%.
  • Reply 3 of 6
    kecksykecksy Posts: 1,002member
    This is good news, actually. Now the news organizations can stop hyping Jaguar's local security flaws.
  • Reply 4 of 6
    defiantdefiant Posts: 4,876member

    Originally posted by Brad

    And, yet, this is very important news for the number of us who work in heterogeneous computing environments. Remember, we're just 5%.

    That's right. I can now happily look forward to a slow network at work tomorrow.
  • Reply 5 of 6
    aquaticaquatic Posts: 5,602member
    Hahaha. I was wondering why the Internet sucked at URI today but Goddamn Kecksy is right, when tiny little flaws like the Screen Effects password overflow or the current Panther issue are found even mainstream media hypes it for a few days, it even made Google News. For s' sake there are new Windows viruses and issues uncovered HOURLY that are more severe. And Apple always reports and patches any problems immediately and definitively. More than you can say for ...I mean MS.

    The washing machines' student ID card readers in my dorm still don't work and I need to make trips to get quarters, won't work until December and haven't worked since August, thanks to URHigh using Windows SuperCool to run your School PCs.

    When will business and education a freaking clue? The US Army did, and what can be more mission critical than that? I would hope business and education would follow suit on a govmmunt decision, as they usually do. If common sense prevailed after all this Blaster/ Code Red stuff you'd think Apple market share for 03 would rise to 10%, maybe 15 to 20% in 04.
  • Reply 6 of 6
    alcimedesalcimedes Posts: 5,486member
    this thread title ought to be a sticky thread.

    however, this is like saying "the sun rises in the east"
Sign In or Register to comment.