Here is what Denis Zenkin sent:
New Mimail Worm Promises "Exotic" Photographs and Harasses E-Gold
Kaspersky Labs, a leading data security software developer, reports the detection of
Mimail.c - a new modification of the infamous network worm, Mimail. There have been
numerous registered reports of infection from this malicious program.
Mimail.c is a classic e-mail worm, spreading via e-mail messages containing the
following characteristics:
Sender address:
james@<recipient's domain>
Subject:
Re[2]: our private photos
Message body:
Hello Dear!,
Finally i've found possibility to right u, my lovely girl
All our photos which i've made at the beach (even when u're without ur bh:))
photos are great! This evening i'll come and we'll make the best SEX
Right now enjoy the photos.
Kiss, James.
Attachment:
photos.jpg.zip
It is interesting to note that the sender address of infected messages is formed
with the domain of the recipient. This tactic makes it harder to localize the
infection epicentre and may give recipients the impression that the message came
from a colleague or acquaintance.
If someone carelessly opens the infected file attachment and launches Mimail.c, the
worm installs itself into the computer and proceeds to spread through the network.
Firstly, Mimail.c copies itself to the Windows directory under the name
"netwatch.exe", then registers this file in the auto-run key in the system registry,
and creates several additional helper files. To create one of these files, the
Mimail worm uses a built-in ZIP archiving procedure.
To mail itself out, Mimail.c uses another built-in function, a procedure to spread
itself via e-mail using SMTP protocol. The worm scans files in the "Shell Folders"
and "Program Files" catalogues and takes from them text strings likely to be e-mail
addresses. Next, unbeknownst to the victim, Mimail.c mails itself out to the found
email addresses.
Mimail.c has the added ability to cause significant damage to those using the E-Gold
payment system. The worm traces the activity of the E-Gold applications installed on
infected machines, records from them confidential data, and sends this information
out to several anonymous e-mail addresses owned by the worm's creator.
Additionally, all infected computers are exploited to carry out distributed DoS
attacks on the www.darkprofits.com and www.darkprofits.net web sites, sending to
them an endless cycle of random data packets.
The defence against Mimail.c has already been added to the Kaspersky Anti-Virus
database. More details about this malicious program can be found in the Kaspersky
Virus Encyclopedia.
Kaspersky Labs Corporate Communications
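A mail-filter check for the message characteristics listed in the release, as an added example that is not part of the forwarded text or any Kaspersky code. The function names, the example.org addresses and the two-indicator threshold are assumptions made for illustration; the sample messages are constructed.

```python
from email import message_from_string
from email.message import EmailMessage
from email.utils import parseaddr

# Indicators as given in the advisory text (compared case-insensitively).
SUBJECT = "re[2]: our private photos"
ATTACHMENT = "photos.jpg.zip"
SENDER_LOCAL = "james"

def split_addr(header_value):
    """Return (local part, domain) of a header address, lower-cased."""
    addr = parseaddr(header_value or "")[1].lower()
    local, _, domain = addr.rpartition("@")
    return local, domain

def mimail_c_indicators(raw_message):
    """Return which of the advisory's indicators a raw RFC 822 message matches."""
    msg = message_from_string(raw_message)
    hits = []
    from_local, from_domain = split_addr(msg.get("From"))
    _, to_domain = split_addr(msg.get("To"))
    # The sender is forged as james@<recipient's domain>.
    if from_local == SENDER_LOCAL and from_domain and from_domain == to_domain:
        hits.append("sender")
    if (msg.get("Subject") or "").strip().lower() == SUBJECT:
        hits.append("subject")
    names = [(p.get_filename() or "").lower() for p in msg.walk()]
    if ATTACHMENT in names:
        hits.append("attachment")
    return hits

def is_suspect(raw_message):
    """Flag on two or more indicators; a real james@ colleague matches only one."""
    return len(mimail_c_indicators(raw_message)) >= 2

def build_sample(sender, rcpt, subject, attachment=None):
    """Construct a sample message (test data, not a captured worm mail)."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, rcpt, subject
    m.set_content("placeholder body")
    if attachment:
        m.add_attachment(b"PK placeholder", maintype="application",
                         subtype="zip", filename=attachment)
    return m.as_string()

WORM_LIKE = build_sample("james@example.org", "alice@example.org",
                         "Re[2]: our private photos", "photos.jpg.zip")
BENIGN = build_sample("james@example.org", "alice@example.org", "Q3 budget")
```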