A New Modification Of Mimail Sent In Mass Spam Distribution
Posted on 19.01.2004
Kaspersky Labs, a leading information security software developer has detected a mass mailing of a Trojan program "small.cz" which downloads Mimail.p, a new version of the Mimail email worm, from a remote server.

To date, isolated incidents of infection by this malicious software have been reported in various countries throughout the world.

The Trojan has been sent in the guise of a message from the payment system PayPal. The sender's address is falsified as "do_not_reply@paypal.com", the message topic appears as "PAYPAL.COM NEW YEAR OFFER", and the attachment is named paypal.exe. When run, the Trojan in the file connects to a remote server, downloads Mimail.p and installs it in the system.

Mimail, which was created in Russia and first appeared on the Internet at the beginning of August 2003, is a classic email worm, which spreads via mail messages. The new modification of the worm differs from previous versions only by the fact that it is compressed using UPX. This makes it more difficult for some anti-virus programs to detect Mimail.p

After installation, Mimail.p begins the process of replication. The worm first secretly scans several directories of the infected computer and extracts email addresses. It then sends copies of itself to these addresses using its built-in procedure.

The worm has dangerous side effects, which can cause significant harm to users. In particular, Mimail.p tracks the activity of E-Gold and PayPal payment system applications installed on the infected computer. It extracts confidential information and sends this information to a number of anonymous addresses belonging to the worm's author. In the same way, the worm steals other confidential data such as user names and passwords for email, access to system information etc.

Protection against Mimail.p has already been added to the Kaspersky Anti-Virus database.





Spotlight

Staples customers likely the latest victims of credit card breach

Posted on 21 October 2014.  |  Multiple banks say they have identified a pattern of credit and debit card fraud suggesting that several Staples Inc. office supply locations in the Northeastern United States are currently dealing with a data breach.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Wed, Oct 22nd
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //