Alias: W32.Mimail.Gen, W32/Mimail.gen@MM [McAfee], W32.Mimail.M@mm, W32/Mimail
Type: Worm
Size: 10,784 Bytes
Origin:
Date: 00-00-0000
Damage: Sent by email.
VDF Version: 6.23.00.00
Danger: Medium
Distribution: High

Distribution
The worm uses its own SMTP engine to spread by email. The email contains:

From: Wendy
Subject: Re[3]
Body: Hello Greg, I was shocked, when I found out that it wasn't you but your twin brother!!! That's amazing, you're as like as two peas. No one in bed is better than you Greg. I remember, I remember everything very well, that promised you to tell how it was, I'll give you a call today after 9. I'm so thankful to you, for acquainted me to your brother. I think we can do it on the next Saturday all three together? What do you think? O yes, as you wanted I've made a few pictures check them out in archive, I hope they will excite you, and you will dream of our new meeting... Wendy.
Attachment: Only_for_greg.zip

Technical Details
When activated, Worm/Mimail.M1 copies itself as %WinDIR%\netmon.exe and makes the registry entry:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "NetMon" = "%WinDIR%\netmon.exe"

The worm collects email addresses from all files, excluding the following types:
com wav cab pdf rar zip tif psd ocx vxd mp3 mpg avi dll exe gif jpg bmp
These addresses are saved in the file %WinDIR%\xjwu2.tmp.

It checks for a valid Internet connection and tries to open www.register.com.
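
A host check for the three artifacts named above (the "NetMon" Run value, %WinDIR%\netmon.exe and %WinDIR%\xjwu2.tmp), as an added example that is not part of the original description or any vendor tool. The function name and output fields are illustrative; the size comparison uses the 10,784 bytes given above and is only a hint.

```powershell
# Added example: look for the Worm/Mimail.M1 artifacts listed in this description.
# Test-MimailArtifacts and its output fields are hypothetical names.
function Test-MimailArtifacts {
    $runKey   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
    $dropped  = Join-Path $env:WinDir 'netmon.exe'
    $harvest  = Join-Path $env:WinDir 'xjwu2.tmp'
    $findings = @()

    # Autostart entry: value "NetMon" pointing at %WinDIR%\netmon.exe
    $run = Get-ItemProperty -Path $runKey -Name 'NetMon' -ErrorAction SilentlyContinue
    if ($run) {
        # Expand %WinDIR% and drop quotes so the stored data can be compared
        $data = [Environment]::ExpandEnvironmentVariables($run.NetMon).Trim('"')
        $findings += [pscustomobject]@{
            Indicator = 'Run value NetMon'
            Detail    = $run.NetMon
            Match     = ($data -ieq $dropped)
        }
    }

    # Dropped copy of the worm; a size match strengthens the finding
    if (Test-Path -LiteralPath $dropped -PathType Leaf) {
        $size = (Get-Item -LiteralPath $dropped -Force).Length
        $findings += [pscustomobject]@{
            Indicator = 'Dropped copy'
            Detail    = "$dropped ($size bytes)"
            Match     = ($size -eq 10784)
        }
    }

    # Temp file holding the harvested email addresses
    if (Test-Path -LiteralPath $harvest -PathType Leaf) {
        $findings += [pscustomobject]@{
            Indicator = 'Harvested address file'
            Detail    = $harvest
            Match     = $true
        }
    }

    return $findings
}

# No output means none of the artifacts were found on this host
Test-MimailArtifacts | Format-Table -AutoSize
```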
Description added by Crony Walker on Tuesday, June 15, 2004