Another mutant of the fast-spreading MiMail ‘phisher’ virus has started bombing e-mail inboxes. Security experts say the latest version has been programmed to launch a denial-of-service attack.
The virus has been in circulation since August this year, with variants appearing as fake PayPal alerts trying to dupe users into giving up credit card numbers and other sensitive information.
In a new twist, the virus writer has added an SMTP engine to launch a DoS attack against anti-spam groups such as the Spamhaus Project, SPEWS, and SpamCop.
The text of the e-mail that comes with the virus attached includes lewd content and falsely implicates the Spamhaus Project in child pornography. If executed, the worm spreads itself using addresses harvested from the hard drive of the infected computer.
Anti-virus experts at Sophos said the attachment (wendy.zip) contains an executable file named for_greg_with_love.jpg.exe.
The company said the latest mutant was programmed to resend failed attempts without the attachment. “If the previous e-mail fails to be sent, W32/Mimail-L will then attempt to send another e-mail without an attachment. This email pretends that the recipient’s credit card details have been debited in connection with a transaction for child porn. This appears to be an attempt to panic the recipient, and encourage him to e-mail an address hosted by an anti-spam organization,” the company explained in an alert.
Messaging security firm MessageLabs has maintained a “high risk” rating on the MiMail virus after stopping more than 200,000 infections in more than 100 countries worldwide.
Sophos and Network Associates have posted instructions for disinfecting PCs affected by the virus.