W32.Mimail.C/D/E/F/G/H.worm - Risk 4 - Update


Giorgius
01-11-2003, 16.21.37
http://securityresponse.symantec.com/avcenter/graphics/ssrc/security_alert_on.jpg


14:44 VIRUS: SOPHOS REPORTS W32/MIMAIL-C

(ASCA) - Rome, 31 Oct - A new identity file (IDE) is
available on the Sophos website and will be included in the
December 2003 release (3.76) of Sophos Anti-Virus. Sophos has
received several reports of W32/Mimail-C, a worm
consisting of a 32-bit file.
This worm is also known as W32/Mimail.C@mm,
I-Worm.NetWatch, W32/Bics@mm. More information on
W32/Mimail-C is available at
www.sophos.com/virusinfo/analyses/w32mimailc.html. The
IDE file can be downloaded from
www.sophos.com/downloads/ide/mimailc.ide.
For information on how to use IDE files:
www.sophos.com/downloads/ide/using.html.


Aliases:
W32/Mimail.C.worm (Panda Software), W32.Mimail.C@mm (Symantec), WORM_MIMAIL.C (Trend Micro), W32/Mimail.c@MM (McAfee), W32/Mimail-C (Sophos), I-Worm.Mimail.c (Kaspersky (viruslist.com)), WORM_MIMAIL.C-1 (Trend Micro), I-Worm.NetWatch (Other), W32/Bics@mm (Other), W32/Mimail.C@MM (Hacksoft), Worm.W32/Mimail.C

Effects:
Mimail.C is a worm that spreads via e-mail in a message with a subject that contains the text Re[2]: our private photos and an attachment called PHOTOS.ZIP. The attached file contains a file with a double extension called PHOTOS.JPG.EXE.
Mimail.C launches DoS (Denial of Service) attacks against web servers.

Info:
http://www.symantec.com/avcenter/venc/data/w32.mimail.c@mm.html
http://www.pandasoftware.com/virus_info/encyclopedia/overview.aspx?idvirus=41539
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MIMAIL.C
http://www.enciclopediavirus.com/virus/vervirus.php?id=607
http://esp.sophos.com/virusinfo/analyses/w32mimailc.html
http://www.hacksoft.com.pe/virus/w32_mimail_c.htm
http://www.k-otik.com/news/10.31.Mimail.C.php
http://www.pspl.com/virus_info/worms/mimailc.htm
http://www.quickheal.com/mimailc.htm
http://www.kasperskylabs.com/news.html?id=1880823
http://www.norman.com/virus_info/w32_mimail_c_mm.shtml
http://www.nod32.it/pedia/m/mimail-c.htm
http://srnmicro.com/virusinfo/mimailc.htm


AntiVirus update as of 01.11.03 ;)(Y)

Giorgius
01-11-2003, 16.32.01
Removing Worm Tools:
http://www.symantec.com/avcenter/FxMimail.exe
http://www.k-otik.com/antivirus/10.31.FxMimail.exe
http://download.nai.com/products/mcafee-avert/stinger.exe
http://www.pspl.com/download/cleanmm.exe
http://www.bitdefender.com/bd/downloads/removaltools/Antimimail-en.exe
http://www.nod32.it/cgi-bin/mapdl.pl?tool=MimailC
http://www.trendmicro.com/download/dcs.asp
http://www.nod32.it/cgi-bin/mapdl.pl?tool=MimailG

Other useful links:
http://www.wintricks.it/forum/showthread.php?threadid=56594

Giorgius
01-11-2003, 16.56.55
E-Mail Virus Turns PCs into Spam Machines
Fri October 31, 2003 12:38 PM ET

LONDON (Reuters) - A new e-mail virus capable of turning infected personal computers into "spamming" machines emerged on Friday targeting corporate and home users in Europe and the United States, a computer security expert said.
Anti-virus software makers Trend Micro reported that tens of thousands of its corporate computer users in France and Germany were hit on Friday afternoon by the virus, dubbed "Mimail.C."

By 11:30 a.m. ET on Friday, there were reports of infections in the United States too, said Raimund Genes, European president of Trend Micro.

The firm had a "medium risk" rating on the bug. "We may be upgrading it to high risk if it spreads in the U.S.," he added.

The virus carries the subject message line "our private photos ???." Opening the e-mail triggers the virus into action.

The virus installs an SMTP, or simple mail transfer protocol, program on an infected PC that turns the computer into a type of e-mail computer server capable of sending out torrents of virus-infected messages, Genes said.

The e-mail has spread quickly because it spoofs e-mail addresses, making it appear as if the e-mail comes from a friend or co-worker. "It's an old spammers trick," said Genes.

The virus is not believed to be particularly damaging to the infected computer, but it has the potential to unleash a flood of virus e-mails that could bog down corporate networks, Genes said.

Giorgius
01-11-2003, 17.14.11
MiMail worm uses ZIP files to rampage across corporations

Beware the variant is in the wild

By INQUIRER staff: Friday 31 October 2003, 19.52

A NEW variant of the MiMail worm family, version C, is proliferating across the world, according to security firm iDefense.
MiMail.C has a DDoS component to attack DarkProfits domains and there's likely to be increased activity on Port 80, according to Ken Dunham a security officer at the firm.

He says it's dangerous for corporations, many of which allow people to transfer ZIP files to each other using email.

That means, he says, that MiMail.C "has the upper hand when infiltrating networks configured to allow ZIP attachments".

Anti-viral programs should be tweaked to check compressed archives, he warns. But some AV progs might experience difficulties scanning such archives.

Giorgius
01-11-2003, 19.15.35
- 12:00 TREND MICRO: YELLOW ALERT FOR WORM_MIMAIL.C

(ASCA) - Rome, 3 Nov - Trend Micro has reported
the new WORM_MIMAIL.C, also known as W32.Bics.A,
I-Worm.WatchNet, Mimail.C, W32/Mimail.c@MM, W32/Mimail-C.
This worm has been assigned a Medium risk level,
along with High destructive and distribution
potential. WORM_MIMAIL.C is spreading rapidly and
entices recipients to open the message by using
sex as the subject. Following the many infection
reports received, Trendlabs Europe has
declared a "yellow alert" for this high-risk
worm. The worm is memory-resident and propagates
via e-mail using its own SMTP (Simple Mail
Transfer Protocol) engine. The e-mail messages
arrive in this format:

To: admin@???
Subject: Re: our private photos ???
Message body:
Hello Dear!,
Finally i've found possibility to right u, my lovely girl :) All our photos which i've made at the beach (even when u're without ur bh:)) photos are great! This evening i'll come and we'll make the best SEX :)
Right now enjoy the photos
Kiss,
James.
??? (Note: ??? is a variable string)
Attachment: "photos.zip"

The worm runs on Windows 95, 98, Me, NT,
2000 and XP. Information on how to remove the worm and
full details on how to protect systems are
available at http://it.trendmicro-europe.com


- New worm poses DoS attack threat
Last modified: October 31, 2003, 1:13 PM PST
By David Becker
Staff Writer, CNET News.com

Security experts warned Friday of a potentially harmful new e-mail worm that is slowly spreading among corporate and home e-mail users.
http://news.com.com/2100-7349_3-5100741.html?tag=nefd_top

Giorgius
02-11-2003, 16.18.31
W32.MIMAIL.D:

Mimail.D searches for e-mail addresses to which it sends a
copy of itself through its own SMTP engine.
Considering the reports received so far and the
possibility that the number of infections will grow, Panda
Software advises users to be careful with
incoming messages and to update their antivirus as soon as
possible. Panda Software has already released updates
to detect and remove Mimail.C and Mimail.D. Users
can also detect this and other malicious code
with Panda Activescan, a free antivirus
available at www.pandasoftware.com. For
more information on Mimail.C and Mimail.D:
www.pandasoftware.com/virus_info/encyclopedia.

Effects:
W32.Mimail.D@mm is a variant of W32.Mimail.C@mm that spreads by email. It is packed with UPX.

Info:
http://securityresponse.symantec.com/avcenter/venc/data/w32.mimail.d@mm.html
http://www.enciclopediavirus.com/virus/vervirus.php?id=608
http://www.bitdefender.com/bd/site/virusinfo.php?menu_id=1&v_id=169
http://srnmicro.com/virusinfo/mimaild.htm


W32.MIMAIL.E:
10:02 VIRUS: SOPHOS REPORTS W32/MIMAIL-E

(ASCA) - Rome, 3 Nov - A new identity file (IDE) is
available on the Sophos website and will be included in the
December 2003 release (3.76) of Sophos Anti-Virus. So far Sophos
has received only one report of W32/Mimail-E, a worm
consisting of a 32-bit file. This worm is also known
as I-Worm.Mimail.e. More information on W32/Mimail-E
is available at
www.sophos.com/virusinfo/analyses/w32mimaile.html. The
IDE file can be downloaded from
www.sophos.com/downloads/ide/mimaile.ide. For information on
how to use IDE files:
www.sophos.com/downloads/ide/using.html.

Effects:
W32.Mimail.E@mm is a variant of W32.Mimail.C@mm that spreads by email. It is packed with UPX.

Info:
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MIMAIL.E
http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=100797
http://www.enciclopediavirus.com/virus/vervirus.php?id=609
http://www.secuser.com/alertes/2003/mimaile.htm
http://www.pspl.com/virus_info/worms/mimaile.htm

Giorgius
02-11-2003, 16.56.11
Experts say a new e-mail virus that is capable of turning computers into 'spamming' machines.
October 31, 2003: 1:05 PM EST

LONDON (Reuters) - A new e-mail virus capable of turning infected personal computers into "spamming" machines emerged Friday, targeting corporate and home users in Europe and the United States, a computer security expert said.
http://money.cnn.com/2003/10/31/technology/internet_virus.reut/index.htm?cnn=yes

Giorgius
03-11-2003, 09.59.35
10:03 VIRUS: SOPHOS REPORTS W32/MIMAIL-F

(ASCA) - Rome, 3 Nov - A new identity file (IDE) is
available on the Sophos website and will be included in the
December 2003 release (3.76) of Sophos Anti-Virus. Sophos has
received several reports of W32/Mimail-F, a worm
consisting of a 32-bit file.
This worm is also known as I-Worm.Mimail.g,
W32/Mimail.gen@MM. More information on W32/Mimail-F is
available at
www.sophos.com/virusinfo/analyses/w32mimailf.html. The
IDE file can be downloaded from
www.sophos.com/downloads/ide/mimailf.ide. For information on
how to use IDE files:
www.sophos.com/downloads/ide/using.html.


Screenshot:

http://www.trendmicro.com/vinfo/images/worm_mimail_f_img1.gif

Aliases:
WORM_MIMAIL.F (Trend Micro), W32.Mimail.E@mm (Symantec), Win32/Mimail.F (Enciclopedia Virus (Ontinent)), I.worm.mimail.f@mm (Other), W32/Mimail.F@mm (PerAntivirus), WORM_MIMAIL.F-1 (Trend Micro), I-Worm.Mimail.f (Kaspersky (viruslist.com)), Worm.W32/Mimail.F@MM

Effects:
Similar to its other variants, this worm propagates through email using its own Simple Mail Transfer Protocol (SMTP) engine.

Info:
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MIMAIL.F
http://www.vsantivirus.com/mimail-f.htm
http://www.perantivirus.com/sosvirus/virufamo/mimailf.htm
http://securityresponse.symantec.com/avcenter/venc/data/w32.mimail.f@mm.html


AntiVirus update as of 03.11.03 ;)(Y)

Giorgius
03-11-2003, 16.27.14
(ASCA) - Rome, 3 Nov - A new identity file (IDE) is
available on the Sophos website and will be included in the
December 2003 release (3.76) of Sophos Anti-Virus. Sophos has
received several reports of W32/Mimail-H, a worm
consisting of a 32-bit file.
More information on W32/Mimail-H is available
at
www.sophos.com/virusinfo/analyses/w32mimailh.html. The
IDE file can be downloaded from
www.sophos.com/downloads/ide/mimailh.ide. For information on
how to use IDE files:
www.sophos.com/downloads/ide/using.html.

Effects:
Mimail.H is a worm that spreads via e-mail in a message with a subject that contains the text don't be late! and an attachment called READNOW.ZIP. The attached file contains a file with a double extension called READNOW.DOC.SCR.

Mimail.H launches DoS (Denial of Service) attacks against the following web servers: spamhaus.org, spews.org, www.spamhaus.org and www.spews.org.

Info:
http://www.pandasoftware.com/virus_info/encyclopedia/overview.aspx?IdVirus=41603&sind=0

Giorgius
06-11-2003, 10.31.44
Aliases:
I-Worm.Mimail.h [Kaspersky], W32/Mimail-H [Sophos], W32/Mimail.h@MM [McAfee], WORM_MIMAIL.H [Trend], Mimail.H [F-Secure]

Effects:
W32.Mimail.G@mm is a variant of W32.Mimail.C@mm that spreads by email. It is packed with UPX.
The email has the following characteristics:
Subject: don't be late! [random string of letters]
Attachment: readnow.zip (contains readnow.doc.scr)
- Symantec:
Note: Virus definitions dated prior to November 5, 2003 may detect this threat as W32.Mimail.D@mm.

Info:
http://securityresponse.symantec.com/avcenter/venc/data/w32.mimail.g@mm.html


AntiVirus update as of 05.11.03 ;)(Y)
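
The advice quoted earlier in this thread, that scanners must look inside compressed archives, can be sketched as a mail-gateway check for the attachment pattern the alerts describe (PHOTOS.ZIP holding PHOTOS.JPG.EXE, READNOW.ZIP holding READNOW.DOC.SCR). This is an added example, not code from the thread or from any vendor named in it; the function names, the extension list and the sample messages are assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Final extensions that Windows executes; this list is an assumption of the example.
EXECUTABLE_EXT = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd"}

def is_double_ext_executable(name):
    """True for names like PHOTOS.JPG.EXE: a decoy extension before an executable one."""
    parts = name.rsplit("/", 1)[-1].lower().split(".")
    return len(parts) >= 3 and "." + parts[-1] in EXECUTABLE_EXT and parts[-2] != ""

def scan_message(raw):
    """Return (attachment, member, reason) findings for one raw e-mail message."""
    findings = []
    msg = message_from_bytes(raw, policy=policy.default)
    for part in msg.iter_attachments():
        fname = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        if is_double_ext_executable(fname):
            findings.append((fname, fname, "double-extension executable"))
        if not data.startswith(b"PK"):          # not a ZIP container
            continue
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for member in zf.namelist():    # names only, nothing is extracted
                    if is_double_ext_executable(member):
                        findings.append((fname, member, "double-extension executable in ZIP"))
        except zipfile.BadZipFile:
            # An archive the scanner cannot read is reported rather than passed through.
            findings.append((fname, "", "unreadable ZIP"))
    return findings

def build_sample(zip_name, member_name):
    """Constructed test message: a ZIP attachment holding one harmless placeholder file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member_name, b"placeholder, not malware")
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("body")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename=zip_name)
    return msg.as_bytes()

if __name__ == "__main__":
    for z, m in [("photos.zip", "photos.jpg.exe"), ("readnow.zip", "readnow.doc.scr"), ("report.zip", "report.pdf")]:
        print(z, scan_message(build_sample(z, m)))
```

The name test is a heuristic: it also flags legitimate files such as versioned installers, so a gateway would typically quarantine for review rather than delete.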