Sat 2 Aug, 2003 09:37 am
Disguised worm evades antivirus software
From Marsha Walton
CNN - 8/2/03
ATLANTA, Georgia (CNN) -- Computer experts have warned of a computer worm that takes advantage of a flaw in Microsoft's Internet Explorer browser.
The latest problem is called "worm/MiMail.A," also known as W32.Mimail.A@mm.
It's a mass-mailing Internet worm that started spreading late Friday afternoon, and according to Central Command, a computer security company, caught many computer systems administrators by surprise.
"Most corporations have e-mail scanning programs that block the entry of a lot of potentially dangerous programs in incoming e-mails," said Steven Sundermeier of Central Command.
But this worm disguises itself by arriving as a zip file, he said, which most scanning programs allow. A zip file is usually a method of condensing information so it can move faster over the Internet.
If a user clicks on the attachment, the worm is launched and creates a mass-mailing of itself, which may clog mail servers or degrade network performance.
Once the problem was identified, corporate computer administrators began blocking e-mails that contained the "message.zip" attachment.
It's not clear what malicious payload MiMail.A might be carrying. Similar worms and viruses have cost companies money and time because their entire computer systems are slowed and clogged dealing with the problem.
As of Friday night, according to Sundermeier, Microsoft had not yet posted a patch, or a fix, for the problem. Usually within a few hours or days after a vulnerability is discovered, security experts design a patch, which computer users can download onto their machines to prevent infection.
In an unusual move Thursday, the Department of Homeland Security joined antivirus and computer security firms in warning about another vulnerability, this one in Microsoft's Windows operating system software.
The flaw, involving so-called "buffer overflows," can fool software into accepting insecure commands that could let intruders remotely take control of someone else's machine, with free rein to destroy or reformat the hard drive, create or destroy files, or scan the machine for passwords, financial or other personal information.
Government experts said hackers have tested new tools in recent days to seize unsecured computers.
Internet security firms issued similar warnings, saying they've seen increased chatter in hacker discussion groups and chat rooms about how to take advantage of Windows' vulnerability.
The company has already issued a patch to protect users against that vulnerability.
While there have not been reports of intruders using the flaw publicized Thursday, it appears to have much more damage potential.
Norton already has a fix for it.
Howdy:
That writeup is a little late (not your post). Norton has already found the reason it can infect and has a removal tool ready for it. But, it is a nice reminder for everyone to keep their patches and av programs up to date!!
W32.Mimail@mm is a worm that spreads by email, and that steals information from a user's machine. The email has the following characteristics:
Subject: your account %s
Attachment: message.zip
NOTE: %s refers to a variable string.
The threat captures information from certain windows on a user's desktop and emails it to specific mail addresses.
This threat takes advantage of a known vulnerability. Information about this vulnerability and a Microsoft patch is located at:
http://support.microsoft.com/default.aspx?scid=kb;en-us;330994
System administrators are encouraged to apply the Microsoft patch to prevent infection by this worm.
The worm is packed with UPX.
Virus definitions with a version number of 50801r, also known as August 1, 2003 rev 18, or greater will detect this threat.
Symantec Security Response has created a tool to remove W32.Mimail.A@mm.
Removal Tool
Murray
Microsoft Warns Internet Explorer Users About "worm" Virus
The Associated Press
Published: Aug 2, 2003
SEATTLE (AP) - Microsoft Corp. is warning its customers about a computer worm that exploits a flaw in its Internet Explorer browser.
A security bulletin on the company's Web site says Microsoft started investigating a "mass mailer worm," dubbed W32/Mimail(at)MM, late Friday morning.
The worm spreads through e-mail if recipients open an attached zip file - used to condense information so it can move faster over the Internet - then open an HTML file inside the zip file, the bulletin said.
The worm exploits a vulnerability the company addressed in a security bulletin issued April 23, the bulletin said.
On Saturday, Microsoft spokesman Sean Sundwall downplayed the worm's potential to cause major security problems.
If someone opens the e-mail, the zip file and the HTML file, the virus is sent to all e-mail addresses the worm finds on that computer, Sundwall said.
"The damage is simply an annoying e-mail," Sundwall said.
Microsoft's Web site directs customers to a security patch designed to fix the problem.
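The indicators quoted in this thread (subject "your account %s" and attachment message.zip in the Symantec write-up, an HTML file inside the zip in the AP report) can be combined into a mail-gateway check rather than blocking on the file name alone. The Python below is an added example, not code from Symantec, Microsoft or any poster; the function names, the subject regex and the sample message builder are assumptions constructed for illustration.

```python
import io
import re
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Indicators quoted on this page: subject "your account %s", attachment
# "message.zip", and an HTML file inside the zip. The regex is an assumption.
SUBJECT_RE = re.compile(r"^your account\s+\S", re.IGNORECASE)
ATTACHMENT_NAME = "message.zip"
HTML_SUFFIXES = (".htm", ".html")

def zip_html_members(data):
    """Return names of HTML members in a zip, or None if it cannot be read."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return [n for n in zf.namelist() if n.lower().endswith(HTML_SUFFIXES)]
    except zipfile.BadZipFile:
        return None

def mimail_indicators(raw):
    """Return which of the page's indicators a raw RFC 5322 message matches."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    if SUBJECT_RE.match(str(msg.get("Subject", "")).strip()):
        hits.append("subject")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").strip().lower()
        if name != ATTACHMENT_NAME:
            continue
        hits.append("attachment-name")
        members = zip_html_members(part.get_payload(decode=True) or b"")
        if members is None:
            hits.append("unreadable-zip")  # treat as suspicious, not as clean
        elif members:
            hits.append("html-in-zip")
    return hits

def build_sample(subject, filename, member):
    """Constructed, harmless test message: a zip holding one inert text member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, "constructed placeholder, not malware")
    msg = EmailMessage()
    msg["Subject"], msg["From"], msg["To"] = subject, "a@example.test", "b@example.test"
    msg.set_content("constructed body")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename=filename)
    return msg.as_bytes()
```

A message matching all three indicators is a much stronger signal than the subject pattern alone, which ordinary mail can also match.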