mimail@mm Last Updated 8/01/03 6:20pm
A new email worm, mimail@mm is spreading in the wild. The sender address is spoofed. The spoofed address is created using the infected client's domain. Within the NIH the virus could arrive with the spoofed address of admin@nih.gov or similar address using admin@(domain name).
The subject of the email is:
your account
The message body is similar to:
Hello there,
I would like to inform you about important information regarding your email address. This email address will be expiring. Please read attachment for details.
---
Best regards, Administrator
fhiffxuf
The attachment included with the virus mail is message.zip
The worm copies itself to the C:\WINNT or C:\WINDOWS directories as VIDEODRV.EXE and creates the following registry key:
HKEY_Local_Machine\Software\Microsoft\Windows\CurrentVersion\Run "VideoDriver"="%Windows%\videodrv.exe"
NAI has released the 4282 Dat/SuperDat. These definitions will detect and remove mimail@mm *Updated 8/1/2003 6:20pm
Symantec detects this worm August 1, 2003 rev 18, or greater definitions. Use the LiveUpdate feature of Norton Antvirus to update your software.*Updated 8/1/2003 6:20pm
More information will be posted as it becomes available.
Do Not Open The Attachment!
This archive is not intended to be comprehensive. For a more complete virus library, please visit NAI's Virus Information Library at http://vil.nai.com.
