Saturday, August 2, 2003

MiMail worm

Just a short explanation of what it does:

The worm shows up in your inbox with a (possibly) zipped file attachment, usually message.zip, and a return address of "admin@somedomain" (where somedomain = a valid domain, possibly yours). Unzipping the file creates message.htm. Clicking on the web file fires up your Internet Explorer browser and runs the JavaScript-based worm hidden in the file.

The worm then gathers e-mail addresses from the local machine, generates new infected messages and sends them to the collected addresses via a list of known open relays. Congratulations, you've just spammed your friends, family, and coworkers with infected messages.

Precautions to take:

  • Make sure your browser is up-to-date (the vulnerability this worm exploits has been around since January)
  • Don't open unsolicited mail from people you don't know, especially those with attachments.
  • Install an anti-virus product and keep it up-to-date.
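
For mail administrators, the delivery traits described above (an "admin@" sender and a zip attachment that unpacks to an HTML file) can be checked at the gateway. The following is an added example, not part of the original post: the function names are hypothetical, the sample messages are constructed and harmless, and the check is a heuristic that only reports matching traits.

```python
import io
import zipfile
from email import message_from_bytes
from email.message import EmailMessage
from email.utils import parseaddr

HTML_EXTS = (".htm", ".html")

def html_members(zip_bytes):
    """Return names of HTML files inside a zip archive ([] if unreadable)."""
    try:
        with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
            return [n for n in zf.namelist() if n.lower().endswith(HTML_EXTS)]
    except zipfile.BadZipFile:
        return []

def mimail_indicators(raw_message):
    """List the traits from the post that a raw RFC 822 message matches."""
    msg = message_from_bytes(raw_message)
    hits = []
    local_part = parseaddr(msg.get("From", ""))[1].partition("@")[0]
    if local_part.lower() == "admin":
        hits.append("sender local part is 'admin'")
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        payload = part.get_payload(decode=True) or b""  # None for containers
        if name.endswith(".zip"):
            for member in html_members(payload):
                hits.append(f"{name} contains {member}")
        elif name.endswith(HTML_EXTS):
            hits.append(f"bare HTML attachment {name}")
    return hits

def build_sample(sender, attachment_name, member_name):
    """Constructed test message: harmless text zipped under the given names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member_name, "<html>harmless placeholder</html>")
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = sender, "user@example.com", "your account"
    msg.set_content("see attachment")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename=attachment_name)
    return msg.as_bytes()

if __name__ == "__main__":
    for raw in (build_sample("admin@example.com", "message.zip", "message.htm"),
                build_sample("alice@example.com", "photos.zip", "beach.txt")):
        print(mimail_indicators(raw) or "no indicators")
```

A message that matches both traits is a candidate for quarantine rather than proof of infection, since legitimate mail can also carry zipped HTML.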