Hamish O'Dea, a virus researcher with Computer Associates, told ZDNet Australia that while the new MiMail worm is technically of the "garden variety", or no-frills, type, it's still managing to sucker in a lot of users through its use of social engineering.
"It's fairly prevalent . . . it's definitely in the top five," he said.
Perhaps one of the reasons for the success of the worm is the adaptive "From" address, he says. The message appears to come from the e-mail address admin@recipient.ccc where "recipient.ccc" is the targeted user's domain name.
"The support@microsoft ones seem to work pretty well too," he said, referring to viruses that spoof an e-mail address of the software giant.
The MiMail message, with the subject of "Your Account", plus a variable string of text, tells the user that their mail account is about to expire, and asks them to read the attachment.
"It actually comes in a zip file and it's HTML," O'Dea said.
If a user extracts the HTML file from the zip file and loads it, the worm will activate by exploiting a vulnerability in Internet Explorer. It then acts as a typical mass mailer, scouring the user's system for e-mail addresses to which it can propagate.
O'Dea understands why some people have been fooled by the trickery. After all, HTML is a normal file format for a message. "I get more amazed by people opening executables that claim to be pictures," he said.
He says it's definitely one of the smartest viruses out there.
The numbers confirm it. Mail filtering company MessageLabs has intercepted over 38,000 copies of the worm; however, O'Dea says it should melt away fairly quickly.
"It's not going to hang around like Klez or something like that," he said.
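
The three traits described above (an admin@ sender at the recipient's own domain, a subject beginning "Your Account", and a zip attachment holding an HTML file) can be checked at a mail gateway. The following Python is an added example, not code from the article or from any vendor it names; the function names, trait labels, attachment file name and sample messages are constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

def mimail_traits(raw: bytes, recipient: str) -> list[str]:
    """Return which of the article's three traits a raw message shows."""
    msg = message_from_bytes(raw, policy=policy.default)
    traits = []
    rcpt_domain = recipient.rpartition("@")[2].lower()
    sender = parseaddr(str(msg.get("From", "")))[1].lower()
    local, _, from_domain = sender.rpartition("@")
    # Trait 1: "From" claims to be admin@ the recipient's own domain.
    if local == "admin" and from_domain == rcpt_domain:
        traits.append("from-admin-at-recipient-domain")
    # Trait 2: subject is "Your Account" plus a variable string.
    if str(msg.get("Subject", "")).strip().lower().startswith("your account"):
        traits.append("subject-your-account")
    # Trait 3: a zip attachment whose listing contains an HTML file.
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                names = zf.namelist()  # listing only, nothing is extracted
        except zipfile.BadZipFile:
            continue  # not a zip archive, ignore this attachment
        if any(n.lower().endswith((".htm", ".html")) for n in names):
            traits.append("zip-contains-html")
            break
    return traits

def build_sample(sender: str, subject: str, inner_name: str) -> bytes:
    """Constructed test message; the archived file is inert text."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(inner_name, "<html><body>inert sample</body></html>")
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, "user@example.org", subject
    m.set_content("Your mail account is about to expire. Read the attachment.")
    m.add_attachment(buf.getvalue(), maintype="application",
                     subtype="zip", filename="sample.zip")
    return m.as_bytes()
```

A message showing all three traits together is a strong quarantine candidate; any single trait on its own, such as a zipped HTML file, also occurs in legitimate mail.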












Yet another virus that doesn't affect Macs. You get what you pay for......