This type of worm is embedded in an e-mail attachment and spreads through the infected computer's e-mail.
Email-Worm:W32/Mimail.D is a worm that propagates in infected e-mail attachments. The worm file is a PE executable 24608 bytes long. It is not compressed.
The worm can also exploit a vulnerability to drop and execute a file. Apart from this, Mimail.D does not have a payload. Mimail.D was found on 1 November, 2003.
The worm installs itself as VIDEODRV.EXE in the Windows directory and creates a startup key for its file in the Registry:
- [HKLM\Software\Microsoft\Windows\CurrentVersion\Run] "VideoDriver" = "%windir%\videodrv.exe"
where %windir% is the Windows directory name.
The worm spreads itself in the following message:
Subject: your account

Body: Hello there, I would like to inform you about important information regarding your email address. This email address will be expiring. Please read attachment for details. Best regards, Administrator

Attachment: message.zip
The attachment contains message.html which, when opened in vulnerable versions of Internet Explorer (IE), will drop an executable named epo.exe and run it. For more information on the IE MHTML vulnerability used here, please see http://www.microsoft.com/technet/security/bulletin/MS03-014.asp