Worm masquerades as note from IT staff

Dom · Aug 2, 2003, 09:41 AM

The worm, which is being dubbed "mimail," attempts to exploit a vulnerability in Internet Explorer that allows a script to be executed by an infected computer. The worm then tries to use that script to mass e-mail itself, potentially clogging mail servers or slowing down networks, according to antivirus company Symantec.

The arrival of Mimail comes amid heightened fears that a large-scale attack on the Internet could be looming. The federal government warned this week that a widespread flaw in Windows could be used to generate an attack.

The e-mail that carries the worm has "your account" in the subject line, according to Symantec, and the body reads, "Hello there, I would like to inform you about important information regarding your e-mail address. This e-mail address will be expiring. Please read attachment for details."

It is then signed "Best regards, Administrator" and contains an attachment labeled "message.zip" that carries the malicious code.

In terms of its method, the mimail bug is somewhat similar to other mass-mailing worms, said Sharon Ruckman, a senior director at Symantec Security Response. What's trickier than usual, she said, is the way the e-mail that carriesthe worm tries to get people to open the attachment.

"The social engineering aspect (is) a lot more serious," Ruckman said. "You believe it was the administrator from your own domain, whether that is your company or your ISP."

Also of note, Ruckman said, is that the mass e-mailing code is contained in an HTML file, a type of file not normally associated with executing programs. Ruckman recommended that corporations either delete the attachments at the server level or block messages with the "your account" subject line.

As of 1:45 p.m. PST, Symantec said it had received 125 total submissions of the worm and had rated it as a threat level of 3 on a scale of 1 to 5.

___________________
Source: C|net

Aug 2, 2003, 09:41 AM	#1
Dom DriverHeaven Extreme Member Join Date: Jun 2002 Posts: 12,940 Rep Power: 0	Worm masquerades as note from IT staff The worm, which is being dubbed "mimail," attempts to exploit a vulnerability in Internet Explorer that allows a script to be executed by an infected computer. The worm then tries to use that script to mass e-mail itself, potentially clogging mail servers or slowing down networks, according to antivirus company Symantec. The arrival of Mimail comes amid heightened fears that a large-scale attack on the Internet could be looming. The federal government warned this week that a widespread flaw in Windows could be used to generate an attack. The e-mail that carries the worm has "your account" in the subject line, according to Symantec, and the body reads, "Hello there, I would like to inform you about important information regarding your e-mail address. This e-mail address will be expiring. Please read attachment for details." It is then signed "Best regards, Administrator" and contains an attachment labeled "message.zip" that carries the malicious code. In terms of its method, the mimail bug is somewhat similar to other mass-mailing worms, said Sharon Ruckman, a senior director at Symantec Security Response. What's trickier than usual, she said, is the way the e-mail that carriesthe worm tries to get people to open the attachment. "The social engineering aspect (is) a lot more serious," Ruckman said. "You believe it was the administrator from your own domain, whether that is your company or your ISP." Also of note, Ruckman said, is that the mass e-mailing code is contained in an HTML file, a type of file not normally associated with executing programs. Ruckman recommended that corporations either delete the attachments at the server level or block messages with the "your account" subject line. As of 1:45 p.m. PST, Symantec said it had received 125 total submissions of the worm and had rated it as a threat level of 3 on a scale of 1 to 5. ___________________ Source: C\|net