[Dshield] New version of Mimail perhaps

Deb Hale haled at pionet.net
Thu Dec 18 16:03:31 GMT 2003



FYI,  Just wanted to let you know that one of my clients has received some
suspicious emails today that appear to have a new virus. It appears to be
another version of Mimail because it has similar characteristics. It appears
to be coming from a fictious user at their domain name and is being sent to
users at their domain name.  Fortunately they do not have a user with the
fictious user ID so the users were suspicious and contacted me. The content
of the email is a subject of "don't be late! Mipmokho" and indicates that
the sender has a meeting with the receiver.  It has an attachment
"readnow.zip" which is a common attachment for the suspected virus.  Upon
receiving the email, (not opening) - the NAV auto protect was disabled and
errored out.  I was unable to restore NAV until I shutdown and restarted the
computers.   I have sent the file to Symantec to be analyzed. Just thought
you might like to know. 


Deb





More information about the list mailing list