[Dshield] Worm/Mimail.G2 virus

Doug Douglass hostmaster at denverdata.com
Mon Nov 3 15:53:58 GMT 2003


I received 9 of these on 11/2 between 4AM and 9AM from an oft-spammed 
mailing list (FYI, amanda-users at amanda.org, amanda is open source backup 
  software). Looks like more were on the way but my mailservers AV 
software self-updated and caught the rest as Worm/Mimail.G2 virus.

The mails have a "readnow.zip" attachment and the following body:



Will meet tonight as we agreed, because on Wednesday I don't think I'll 
make it,

so don't be late. And yes, by the way here is the file you asked for.
It's all written there. See you.

mzamprap
^^^^^^^^

That last line is always a different/random string.

You can DL the quarantined message with attached zip from 
http://www.denverdata.com/~doug/df-05422-35A60368.




More information about the list mailing list