Virus Alert: WORM_MIMAIL.R

My service (ISP) has been working overtime to block this particular worm.

It seems to be a major attack.

WORM_MIMAIL.R

===========================================================

Description:



A new variant of the MIMAIL worm has been found in the wild. As of January 26, 2004 1:47 PM (US Pacific Time), TrendLabs has declared a yellow alert to control the spread of WORM_MIMAIL.R.

This mass-mailing worm selects from a list of email subjects, message bodies, and attachment file names for its email messages. It spoofs the sender name of its messages so that they appear to have been sent by different users instead of the actual users on infected machines.

It can also propagate using the Kazaa peer-to-peer file sharing network.

It performs a denial of service (DoS) attack against the software business site www.sco.com. It attacks the site if the system date is February 1, 2004 or later. It ceases attacking the site and running most of its routines on February 12, 2004.

It runs a backdoor component, which it drops as the file SHIMGAPI.DLL. The backdoor component opens port 3127 to allow remote users to access and manipulate infected systems. Note that it allows remote access even after February 12, 2004.

This worm runs on Windows 98, ME, NT, 2000, and XP.

Please refer to the Technical Details section for more information on this malware. Note that TrendLabs is currently working to provide a more in-depth analysis of this malware.

Solution:



AUTOMATIC REMOVAL INSTRUCTIONS

To automatically remove this malware from your system, please use Trend Micro Damage Cleanup Services.

MANUAL REMOVAL INSTRUCTIONS

Identifying the Malware Program

Before proceeding to remove this malware, first identify the malware program.

Scan your system with Trend Micro antivirus and NOTE all files detected as WORM_MIMAIL.R. To do this, Trend Micro customers must download the latest pattern file and scan their system. Other Internet users can use HouseCall, Trend Micro's free online virus scanner.

Terminating the Malware Program

This procedure terminates the running malware process from memory. You will need the name(s) of the file(s) detected earlier.

Open Windows Task Manager...

http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MIMAIL.R

I got e-mail that looked wrong but seemed to be from people I knew with the name. I read one as I could not be sure if it was not from a family member and it was a sob story.It had just used the same name.

and go with something safe and bulletproof, like The Bat!

http://www.ritlabs.com

It doesn't run worms and viruses like Outlook will.

There are also some other email clients that are quite saafe (Pegasus I think is the name of one, not sure of others).

BUT GET RID OF OUTLOOK!!!

And don't use Eudora, either.

I've been using the Bat! for three years - most deliciously powerful, and yet also easy to use, e-mail client I've encountered. I'll give up my iTunes and AIM and Microsoft Office before I'll give up The Bat!

(the exclamation point is part of the name - that's why I used it so much in this post)