Information on the Mimail Virus

A new virus, w32.Mimail.a, is spreading rapidly around the world and has been sighted at Virginia Tech. The code can infect all flavors of Windows, including Windows 95, 98, ME, NT and 2000.

Infection Methods

This virus propagates by sending email to other addresses from Admin@<current domain>, with a message telling users that their email address will be expiring. The virus is contained in an attached file, Message.zip. A user must open the zip file in order to become infected.

Campus email servers are currently catching and removing this virus. However, new variants may come out at any time and may not be immediately detected.
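As an added example (not part of the original advisory and not the campus mail servers' own filter), the Python below checks a message for the two mail indicators described above: a sender of Admin@ at the recipient's own domain, and an attachment named Message.zip. The function names, indicator labels and example.edu addresses are assumptions made for illustration, and the sample messages are constructed.

```python
import email
from email import policy
from email.message import EmailMessage
from email.utils import getaddresses, parseaddr

ATTACHMENT_NAME = "message.zip"  # attachment name given in this advisory
SENDER_LOCAL = "admin"           # sender local part given in this advisory


def mimail_indicators(raw_bytes):
    """Return the Mimail.a mail indicators present in one raw message."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    hits = []

    # Indicator 1: From is Admin@<domain>, where <domain> is a recipient's domain.
    _, sender = parseaddr(str(msg.get("From", "")))
    local, _, sender_domain = sender.lower().rpartition("@")
    rcpt_headers = [str(v) for h in ("To", "Cc") for v in msg.get_all(h, [])]
    rcpt_domains = {addr.lower().rpartition("@")[2]
                    for _, addr in getaddresses(rcpt_headers) if "@" in addr}
    if local == SENDER_LOCAL and sender_domain in rcpt_domains:
        hits.append("sender-admin-at-recipient-domain")

    # Indicator 2: an attachment named Message.zip (compared case-insensitively).
    for part in msg.walk():
        name = part.get_filename()
        if name and name.strip().lower() == ATTACHMENT_NAME:
            hits.append("attachment-message-zip")
            break
    return hits


def build_sample(sender, rcpt, filename):
    """Constructed test message; the attachment bytes are a harmless placeholder."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, rcpt, "constructed sample"
    m.set_content("constructed body")
    m.add_attachment(b"placeholder", maintype="application",
                     subtype="zip", filename=filename)
    return m.as_bytes()


if __name__ == "__main__":
    print(mimail_indicators(build_sample("Admin@example.edu", "user@example.edu", "Message.zip")))
    print(mimail_indicators(build_sample("colleague@example.edu", "user@example.edu", "report.zip")))
```

The check matches only on the header and the file name, so a variant that changes either one would not be flagged by it.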

Symptoms and Effects

This virus will:

  • Copy itself to the recipient's Windows folder.
  • Add a registry key.
  • Collect email addresses from many files.
  • Send data from the recipient's computer to email addresses contained in the virus.
  • Email all the collected email addresses using its own SMTP server.
  • Add Zip.tmp and Exe.tmp to the Windows folder.

There is little actual damage done to the computer. However, the virus will use system resources to perform its file search and emailing.

Removal

The latest virus definitions from Symantec detect this code. For a more detailed description and removal instructions, see:

http://www.sarc.com/avcenter/venc/data/w32.mimail.a@mm.html

A new removal tool for the variant can be found here: http://securityresponse.symantec.com/avcenter/venc/data/w32.mimail.a@mm.removal.tool.html.