| Tuesday, February 07, 2012
Welcome to the Viruswarning forums. All your original content has been ported to the new forums as well as new content and additional opportunities to interact with the authors of Viruswarn.com. You can always access old content at www.leedrake.com/forum . You may find some formatting was lost in the conversion and the older versions of the posts to be more readable....
But at least it's all here.
Enjoy!
Viruswarn Forums
Lee Drake (Posts: 238)
08/01/2003 7:05 PM

What Is It?
We have become aware by first hand knowledge of a new mass mailing worm called W32.Mimail.A@mm that appears to be spreading very rapidly. I have received two within the last hour, and a client has received multiples within the last hour on every machine in his office of a half-dozen or so users.
This message is a magnificent piece of social engineering. Here is a sample that came to me.
From: admin@<current domain> (The from address may be spoofed as if to appear it's coming from the current domain)
To: Dagray
Subject: your account ...
Hello there,
I would like to inform you about important information regarding your email address. This email address will be expiring. Please read attachment for details.
---
Best regards, Administrator
cwbcdsed
The source address is spoofed to make it look like the message really did originate with the administrator of your mail server. However, if you examine the headers closely, which few people do, or even know how to do, you can discover its true origin.
The message is plain text, and has a file called message.zip attached to it. The ZIP file contains a single file, MESSAGE.HTM, which takes advantage of a vulnerability in Microsoft Outlook Express, for which Microsoft issued a patch in April 2003 (3 months ago) to infect your machine and use it to spread further.
What Should I Do?
As always, avoid opening unexpected attachments, even from people you know and trust. That goes double for ZIP files, as these are seldom used to send you their humorous pictures and the like.
Keep your virus scanner up to date. Though both Symantec and McAfee publish their regular updates on Wednesdays, both publish extra updates daily or even hourly that include the newest discoveries.
Whenever Microsoft issues a "roll-up" patch or Service Pack for Windows, Internet Explorer, or Outlook Express, arrange to install it at your earliest convenience. These worm authors take advantage of people's general laziness about updating their systems. In that sense, they are like the common thief; if your computer looks secure, they move on, looking for one that is to attack.
If this announcement is too late and you are already infected, see the references below for removal instructions. We hope, though, that all of our readers have good locks on their virtual doors.
Thanks to client and list subscriber Kevin Cox for sharing his information about the impact of this worm on his small office in Fort Worth, Texas.
References
Symantec virus library: http://securityresponse.symantec.com/avcenter/venc/data/w32.mimail.a@mm.html
Network Associates virus library: http://vil.nai.com/vil/content/v_100523.htm
Microsoft Product Security Bulletin MS03-014, mentioned in the Symantec article: http://support.microsoft.com/default.aspx?scid=kb;en-us;330994.
This concludes this Virus Warning notice.
David Gray
P6 Consulting
V: +1 (972) 751-0254
TZ: USA Central, GMT -5
E: mailto:dagray@p6c.com
W: http://www.p6c.com
1141 Hidden Ridge
Suite 1142
75038-3780
USA
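
The two traits the notice describes, a From address in your own domain on mail that arrived from outside and a ZIP holding a single HTML file, can be checked mechanically. The following is an added example, not part of the original post; the domains, IP address, and Received line are constructed placeholders, and the attachment is a harmless stub.

```python
import io, re, zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

def build_sample() -> bytes:
    """Constructed message shaped like the one quoted above; the HTML is a harmless stub."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("message.htm", "<html>stub, not the worm</html>")
    msg = EmailMessage()
    # Assumed hop: corp.example, isp.example and the IP are placeholder values.
    msg["Received"] = ("from dsl-host.isp.example ([203.0.113.7]) "
                       "by mx.corp.example; Fri, 1 Aug 2003 18:40:00 -0500")
    msg["From"] = "admin@corp.example"
    msg["To"] = "dagray@corp.example"
    msg["Subject"] = "your account"
    msg.set_content("Please read attachment for details.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="message.zip")
    return msg.as_bytes()

def triage(raw: bytes, local_domain: str) -> list:
    """Return findings for a message delivered to local_domain's mail server."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    sender_domain = parseaddr(str(msg["From"]))[1].rpartition("@")[2].lower()
    # From is whatever the sender typed; the topmost Received line was written
    # by our own server and names the host that actually handed the mail over.
    hops = msg.get_all("Received", [])
    m = re.match(r"from\s+(\S+)", str(hops[0]).lower()) if hops else None
    relay = m.group(1) if m else ""
    internal = relay == local_domain or relay.endswith("." + local_domain)
    if sender_domain == local_domain and not internal:
        findings.append("internal-from-external-relay")
    for part in msg.iter_attachments():
        if not (part.get_filename() or "").lower().endswith(".zip"):
            continue
        try:
            names = zipfile.ZipFile(io.BytesIO(part.get_payload(decode=True))).namelist()
        except zipfile.BadZipFile:
            findings.append("unreadable-zip")
            continue
        # A ZIP whose only member is an HTML page matches the attachment described above.
        if len(names) == 1 and names[0].lower().endswith((".htm", ".html")):
            findings.append("zip-with-single-html")
    return findings

if __name__ == "__main__":
    print(triage(build_sample(), "corp.example"))
```

The host name after "from" in a Received line is what the connecting machine announced; when it disagrees with the bracketed IP address recorded by the receiving server, the IP address is the part to trust.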