This type of worm is embedded in an email attachment, and spreads using the infected computer's emailing networks.
Based on the settings of your F-Secure security product, it will either move the file to the quarantine where it cannot spread or cause harm, or remove it.
Email-Worm:W32/Mimail.G is a worm that propagates in infected email message attachments. The worm is also capable of launching Denial of Service (DoS) attacks on certain websites.
Mimail.G closely resembles the Mimail.C variant.
Mimail.G was found on 2 November, 2003.
Mimail.G is almost identical to the Mimail.C variant, except in the following points:
1. Mimail.G worm's file is 10784 bytes long, compressed with UPX file compressor and the unpacked file's size is 22560 bytes.
2. The worm installs itself to Windows folder as SYSLOAD32.EXE file and creates a startup key in the Registry:
where %windir% is a Windows directory name.
3. The worm performs a DoS attack on the following sites:
4. The worm spreads itself in the following message:
From: john@ Subject: don't be late! Body: Will meet tonight as we agreed, because on Wednesday I don't think I'll make it, so don't be late. And yes, by the way here is the file you asked for. It's all written there. See you. Attachment: readnow.zip
The attachment is a ZIP archive that contains the worm's executable file (READNOW.DOC.SCR).
5. Mimail.G does not have Mimail.C's spying functionality.
Date Created: -
Date Last Modified: -