[PBARC] Mimail.C - virus alert

[WOLF, EARNEST G]

A new Internet worm that steals information from users' computers and
attempts to shut down two Web sites is spreading, antivirus vendors warned
last week. 

The worm, dubbed Mimail.C, is a variant of the W32.Mimail worm that surfaced
in August. Antivirus software vendors including Symantec, F-Secure and
Network Associates rate the worm a "medium" level threat, indicating that it
is infecting computers and spreading. 

Mimail.C was discovered on Friday, October 31, the vendors said in bulletins
on their Web sites. It arrives as an e-mail with "our private photos" in the
subject line and an attached ZIP archive file called "photos.zip." The
sender's address is faked to be "james" at the receiver's domain and the
body of the message promises revealing photos of a girl at a beach, the
antivirus vendors said. 
The worm with its attachment was mass-mailed, which most likely started its
propagation, according to an alert from Network Associates. 

Infection starts when the recipient unpacks the "PHOTOS.JPG.EXE" file from
the attachment and runs it. The worm will harvest e-mail addresses from the
user's PC to mail itself to. It will also send information captured from
applications the user has open to certain e-mail addresses programmed into
the malicious code, the antivirus companies said. 

The worm will also attempt to launch a denial of service (DoS) attack on Web
sites at darkprofits.com and darkprofits.net, the vendors said. Both sites
were temporarily unreachable. 

All of the main antivirus vendors said they have updated their software to
protect customers against the newly discovered worm

Thanks,

Glenn


Phone:
    Internal:   8-760-3948
    External: 870-541-3948
    Pager:    800 264-2535 1088

EMail:
    Company: ewolf@entergy.com
    Pager:      5018001088@pageme.teletouch.com
                   (about 120 characters)