NI3
11-03-2003, 09:17 AM
By A. ASOHAN
PETALING JAYA: Antivirus companies have issued alerts over a new computer virus worm that not only spreads itself through a user's e-mail program, but which may also steal random data in an infected PC and send it to the creator of the virus.
The new worm, Mimail.C, is an advanced variation of the original Mimail that first appeared in August, according to Sevaraja Velautham, managing director of AVP (SEA) Sdn Bhd, the local distributor of antivirus solutions from Russia's Kaspersky Labs.
It affects any PC running Microsoft Corp's operating systems, from Windows 95 right up to the latest Windows version.
Mimail.C comes with an e-mail promising erotic photographs, but when users click on the attachment "photos.jpg.zip," the worm is executed.
The e-mail message body reads:
Hello Dear!,
Finally i've found possibility to right u, my lovely girl :)
All our photos which i've made at the beach (even when u're without ur bh:))
photos are great! This evening i'll come and we'll make the best *** :)
Right now enjoy the photos.
"Unlike the more insidious recent viruses which can automatically launch themselves, Mimail.C is only activated when you click on the attachment," said Sevaraja, warning users not to do so.
If someone carelessly opens the infected file attachment and launches Mimail.C, the worm installs itself into the computer and proceeds to spread through the network.
First, it copies itself to the Windows directory under the name netwatch.exe, then registers this file in the auto-run key in the system registry, and creates several additional helper files. To create one of these files, the worm uses a built-in ZIP archiving procedure.
To mail itself out, Mimail.C uses another built-in function, a procedure to spread itself via e-mail using the SMTP protocol. The worm scans files in the Shell Folders and Program Files catalogues and takes from them text strings likely to be e-mail addresses.
Next, unbeknownst to the victim, Mimail.C mails itself out to the found email addresses.
While the worm does not destroy data on the infected PC, it looks for any evidence that the infected PC uses the E-Gold online payment system, then steals confidential account information and sends it to an anonymous e-mail address as well as to the creator of the virus, who has not yet been identified.
Sevaraja noted that few Malaysians, if any, use E-Gold, but added that Mimail.C could copy other data on the infected PC and send it across via e-mail.
Additionally, infected computers may be used to carry out what is known as a "distributed denial-of-service" or DDoS attack on the [Only registered and activated users can see links] and [Only registered and activated users can see links] websites.
A DDoS attack seeks to overload a website's computer servers by sending them an endless cycle of random data packets. Such a concerted attack may cause the website's computers to crash.
"The good news is that Mimail.C is not as destructive as recent e-mail viruses like MS-Blaster," said Sevaraja. "However, it can steal confidential information from your PC, and this is its main threat."
"Also, once it starts sending out e-mail from your PC, you'll inadvertently be spamming your friends and contacts," he added.
"Spamming" refers to sending unsolicited e-mail in bulk, which can slow down networks and which e-mail users are increasingly finding a hassle to deal with.
Mimail.C has been rated a "medium" risk by antivirus companies, including Kaspersky Labs.
The virus was first detected late Friday night, and by Saturday morning had already infected tens of thousands of computers in Germany and France, according to various reports.
However, there was little indication that it had hit Malaysia in any great number, Sevaraja said, adding that none of AVP's customers had called to report infections.
In any case, he urged all users to update their antivirus software.
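A mail-gateway check for the lure described in the article, as an added example (not part of the original post or any vendor's code): it flags attachments named like "photos.jpg.zip" and looks inside ZIP archives for executables. The extension lists, the function names and the sample archive's member name are assumptions; the article does not say what the archive contains.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed policy lists; tune them for the gateway in question.
DECOY_EXTS = {".jpg", ".jpeg", ".gif", ".png", ".bmp", ".txt", ".doc", ".pdf"}
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".js", ".hta"}
RISKY_EXTS = EXECUTABLE_EXTS | {".zip"}

def _exts(name):
    """Lower-cased extensions of a file name, e.g. ['.jpg', '.zip']."""
    parts = name.lower().rsplit("/", 1)[-1].split(".")
    return ["." + p for p in parts[1:]]

def triage_attachment(filename, payload):
    """Return the reasons (possibly none) to quarantine one attachment."""
    reasons, exts = [], _exts(filename)
    # A harmless-looking extension followed by a risky one hides the real type.
    if len(exts) >= 2 and exts[-2] in DECOY_EXTS and exts[-1] in RISKY_EXTS:
        reasons.append(f"double extension: {exts[-2]}{exts[-1]}")
    if exts and exts[-1] in EXECUTABLE_EXTS:
        reasons.append(f"executable attachment: {filename}")
    if exts and exts[-1] == ".zip":
        try:
            with zipfile.ZipFile(io.BytesIO(payload or b"")) as zf:
                for member in zf.namelist():
                    m = _exts(member)
                    if m and m[-1] in EXECUTABLE_EXTS:
                        reasons.append(f"archive contains executable: {member}")
        except zipfile.BadZipFile:
            reasons.append("unreadable or malformed archive")
    return reasons

def triage_message(raw):
    """Map each attachment name in a raw RFC 5322 message to its reasons."""
    msg = message_from_bytes(raw, policy=policy.default)
    return {(p.get_filename() or "(unnamed)"):
            triage_attachment(p.get_filename() or "(unnamed)", p.get_payload(decode=True))
            for p in msg.iter_attachments()}

def build_sample():
    """Constructed message: the member name is assumed, the bytes are inert."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("photos.jpg.exe", b"placeholder bytes, not malware")
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("Right now enjoy the photos.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="photos.jpg.zip")
    return msg.as_bytes()
```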
