Threat Description

Email-Worm:W32/Mimail.D

Details

Aliases: Email-Worm:W32/Mimail.D
Category: Malware
Type: Email-Worm
Platform: W32

Summary



This type of worm is embedded in an e-mail attachment, and spreads using the infected computer's e-mailing networks.



Removal



Automatic Disinfection

Allow F-Secure Anti-Virus to disinfect the relevant files.

For more general information on disinfection, please see Removal Instructions.



Technical Details



Email-Worm:W32/Mimail.D is a worm that propagates in infected e-mail attachments. The worm file is a PE executable 24608 bytes long. It is not compressed.

The worm can also exploit a vulnerability to drop and execute a file. Apart from this, Mimail.D does not have a payload. Mimail.D was found on 1 November, 2003.

Installation

The worm installs its file as VIDEODRV.EXE in the Windows directory and creates a startup key for that file in the Registry:

  • [HKLM\Software\Microsoft\Windows\CurrentVersion\Run] "VideoDriver" = "%windir%\videodrv.exe"

where %windir% is the Windows directory name.

Propagation

The worm spreads itself in the following message:

Subject:  your account 
Body:  Hello there,  
I would like to inform you about important information regarding your  
email address. This email address will be expiring.  
Please read attachment for details. 
Best regards, Administrator   
Attachment: message.zip  

The attachment contains message.html which, when opened in vulnerable versions of Internet Explorer (IE), will drop an executable named epo.exe and run it. For more information on the IE MHTML vulnerability used here please see http://www.microsoft.com/technet/security/bulletin/MS03-014.asp





