Re: WORM_MIMAIL.A Anyone have any info on what this does yet?

Michael.Washington_at_fitchratings.com
Date: 08/01/03

  • Next message: Esler, Joel Contractor: "RE: RPC DCOM exploit" 
    To: Danny <drh26@drexel.edu>
Date: Fri, 1 Aug 2003 13:24:36 -0500

    McAfee here identified it as EXPLOIT-CODEBASE, but this is listed as known
    in their dictionary since 2002. May be a misidentification on engine's
    part. No cleaner was yet available. Checking with McAfee Avert and
    WebImmune.

                                                                                                                                           
                          Danny
                          <drh26@drexel.edu To: incidents@securityfocus.com
    > cc:
                                                   Subject: WORM_MIMAIL.A Anyone have any info on what this does yet?
                          08/01/2003 12:56
                          PM
                                                                                                                                           
                                                                                                                                           

    We are getting flooded with these little puppies, does anyone have any
    additional info on what this thing does once it infects a host?
    I'll be infecting a box to test myself after i send this email but if
    anyone has done testing already it would great to hear your input.

    Norton have released a Def for this and identify the virus as
    WORM_MIMAIL.A
    (http://securityresponse.symantec.com/avcenter/venc/data/
    w32.mimail.a@mm.html)

    If any one would like a copy of the original code you can get it at
    http://akasha.irt.drexel.edu/message.zip

    Danny
    Work - http://www.eBoundary.com - Secure, FreeBSD hosting.
    Play - http://www.eBoundary.net - Who really sets your electronic
    boundaries?
    AIM: eBoundaryTch | ICQ: 3090141

    ---------------------------------------------------------------------------
    ----------------------------------------------------------------------------

    ---------------------------------------------------------------------------
    ----------------------------------------------------------------------------

  • Next message: Esler, Joel Contractor: "RE: RPC DCOM exploit"

    Relevant Pages

    • Re: WORM_MIMAIL.A Anyone have any info on what this does yet?
      ... JayW ... McAfee here identified it as EXPLOIT-CODEBASE, ... additional info on what this thing does once it infects a host? ...
      (Incidents)
    • Re: Macafee antivirus software
      ... If you need more suport for the McAfee program you can also post your ... issueat the McAfee Support Forum: ... > main problem was that the worm disabled virusscan and though I was ... I think that all upgrade packages should include a cleaner ...
      (microsoft.public.security.virus)