This story was printed from ZDNet Australia.
MiMail.c prevention and cure
By Robert Vamosi, November 03, 2003
URL: http://www.zdnet.com.au/insight/soa/MiMail-c-prevention-and-cure/0,139023731,120280437,00.htm
The latest e-mail worm disguises itself as a ZIP file of steamy photos from the beach. MiMail.c (w32.mimail.c@mm) is the third variant of the MiMail virus family, and so far the fastest spreading. It carries with it the potential for a denial-of-service attack and the potential for loss of personal information stored on an infected computer. It does not infect Linux, Mac, or Unix OSs. Because MiMail.c spreads via e-mail and may launch a denial-of-service attack, this worm rates a 6 on the ZDNet Virus Meter.
How it works
Should the attached file be opened, MiMail.c will attempt to install itself. It first copies itself to the Windows directory as Netwatch.exe, then updates the system Registry to call upon that file. MiMail.c searches files on the infected hard drive for any e-mail address, then attempts to send copies of itself to each of those addresses. The worm also carries a denial-of-service attack payload. MiMail tests Internet connectivity by attempting to contact the Google Web site. Once an Internet connection is confirmed, the worm then uploads information (so far, mostly gibberish) via port 80 and ICMP to a predetermined list of e-mail addresses, in what could be a denial-of-service attack on addresses with the name "darkprofits" within the URL.
What to look for
Netwatch.exe
It also creates the following Registry entry:
Hkey_local_machine\Software\Microsoft\Windows\CurrentVersion\Run "NetWatch32" = C:\WINNT\Netwatch.exe
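One way to check for these two indicators, as an added example that is not part of the original article: the Python below scans the text produced by `reg query HKLM\Software\Microsoft\Windows\CurrentVersion\Run` for the NetWatch32 value name or a Netwatch.exe target. It matches the file name rather than the full C:\WINNT path, because the article says the copy goes to the Windows directory, whose location differs between systems; the function names and the sample output are constructed for illustration.

```python
import ntpath
import re

# Indicators from the article: the Run value name and the dropped file name.
RUN_VALUE_NAME = "netwatch32"
DROPPED_FILE = "netwatch.exe"

# A value line in `reg query` output: name, type and data separated by 4 spaces.
VALUE_LINE = re.compile(r"^\s+(?P<name>.+?)\s{4}(?P<type>REG_\w+)\s{4}(?P<data>.*)$")


def parse_run_values(reg_query_output):
    """Return (name, type, data) tuples; key header and blank lines are skipped."""
    matches = (VALUE_LINE.match(line) for line in reg_query_output.splitlines())
    return [(m["name"], m["type"], m["data"].strip()) for m in matches if m]


def executable_name(data):
    """Lower-cased program file name from a Run command line, arguments dropped."""
    data = data.strip()
    if data.startswith('"'):
        program = data[1:].split('"', 1)[0]
    else:
        m = re.match(r"(.*?\.exe)(?:\s|$)", data, re.IGNORECASE)
        program = m.group(1) if m else (data.split() or [""])[0]
    # ntpath parses Windows paths on any host OS, so exported text can be triaged offline.
    return ntpath.basename(program).lower()


def find_mimail_autoruns(reg_query_output):
    """Return (value name, data, reasons) for entries matching either indicator."""
    hits = []
    for name, _type, data in parse_run_values(reg_query_output):
        reasons = []
        if name.lower() == RUN_VALUE_NAME:
            reasons.append("value name")
        if executable_name(data) == DROPPED_FILE:
            reasons.append("file name")
        if reasons:
            hits.append((name, data, reasons))
    return hits


# Constructed sample of `reg query` output (not captured from a real host).
SAMPLE = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    ExampleTray    REG_SZ    C:\Program Files\Example\tray.exe /min
    NetWatch32    REG_SZ    C:\WINNT\Netwatch.exe
    Updater    REG_EXPAND_SZ    "%SystemRoot%\netwatch.exe" /q
    NetWatcher Pro    REG_SZ    C:\Tools\NetWatcherPro.exe
"""
```

A hit on the file name alone (the constructed "Updater" entry) covers a renamed Run value; similar-looking names such as "NetWatcher Pro" are not flagged.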
Removal