Re: WORM_MIMAIL.A Anyone have any info on what this does yet?

Michael.Washington_at_fitchratings.com
Date: 08/01/03

  • Next message: Esler, Joel Contractor: "RE: RPC DCOM exploit"
    To: Danny <drh26@drexel.edu>
    Date: Fri, 1 Aug 2003 13:24:36 -0500
    
    

    McAfee here identified it as EXPLOIT-CODEBASE, but this is listed as known
    in their dictionary since 2002. May be a misidentification on engine's
    part. No cleaner was yet available. Checking with McAfee Avert and
    WebImmune.

                                                                                                                                           
                          Danny
                          <drh26@drexel.edu To: incidents@securityfocus.com
    > cc:
                                                   Subject: WORM_MIMAIL.A Anyone have any info on what this does yet?
                          08/01/2003 12:56
                          PM
                                                                                                                                           
                                                                                                                                           

    We are getting flooded with these little puppies, does anyone have any
    additional info on what this thing does once it infects a host?
    I'll be infecting a box to test myself after i send this email but if
    anyone has done testing already it would great to hear your input.

    Norton have released a Def for this and identify the virus as
    WORM_MIMAIL.A
    (http://securityresponse.symantec.com/avcenter/venc/data/
    w32.mimail.a@mm.html)

    If any one would like a copy of the original code you can get it at
    http://akasha.irt.drexel.edu/message.zip

    Danny
    Work - http://www.eBoundary.com - Secure, FreeBSD hosting.
    Play - http://www.eBoundary.net - Who really sets your electronic
    boundaries?
    AIM: eBoundaryTch | ICQ: 3090141

    ---------------------------------------------------------------------------
    ----------------------------------------------------------------------------

    ---------------------------------------------------------------------------
    ----------------------------------------------------------------------------


  • Next message: Esler, Joel Contractor: "RE: RPC DCOM exploit"