[Dshield] W32/Mimail.c@mm - Distribution(High)

Doug Douglass hostmaster at denverdata.com
Fri Oct 31 23:45:24 GMT 2003


Rohit Dhamankar wrote:
> Has anybody seen a copy of this yet ?
> Rohit

I got two hits today from an oft-spammed mail list (see example below). 
I tracked the source of both mails to 61.17.34.10.

If any one is interested I could put the quarantined email up on the web 
for download.



* * * * * * * * * * * * * * * Vexira ALERT * * * * * * * * * * * * * * *
This version of Vexira MailArmor is licensed and full featured.

Vexira has detected the following in a mail sent through your server:

	Worm/Mimail.C2 virus	

The mail was not delivered.

It has been quarantined with the following queue id:

	20440-7D3E2FC8

Mail-Info:
--8<--
  Message-Id: <200310311616.h9VGGYTq008533 at guinness.omniscient.com>
  Sender: owner-amanda-users at amanda.org
  From: james at amanda.org
  To: Amanda-users <amanda-users at amanda.org>
  Date: Fri, 31 Oct 2003 11:16:34 -0500 (EST)
  Subject: Re[2]: our private photos                 lioltimt
  Mail-From: owner-amanda-users at amanda.org
  Rcpt: amanda at denverdata.com
  Queue-Id: 20440-7D3E2FC8
  Status: The mail was not delivered!
--8<--




More information about the list mailing list