Re: Mimail.C (Denial of Service Attack)
In-Reply-To: <20031031151823.26363.qmail@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
It seems that this worm attempts to launch a Denial of Service Attack by
sending a large amount of data to known servers (port 80 / ICMP). The worm
verifies that a connection is active by contacting google.com, then the DoS is
launched against "darkprofits" domains (marketing operation?).
Due to an increased rate of submissions Symantec Security Response has upgraded
W32.Mimail.C@mm to a Category 3 threat from a Category 2 threat.
http://securityresponse.symantec.com/avcenter/venc/data/w32.mimail.c@xxxxxxx
http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=100795
Regards.
K-OTik Staff /// http://www.k-otik.com
>From: Alan <alan.tennent@xxxxxxxxxxxx>
>To: bugtraq@xxxxxxxxxxxxxxxxx
>Subject: Mimail.C
>
>
>
>The irritation has begun :/
>A new version of Mimail.C has cropped up. It spoofs the recipient's domain and
>sends the mail as 'james@<spoofed domain>' and has an attachment:
>pictures.jpg.exe
>
>Some clients have reported massive amounts of lag due to its mass mailing and
>one client's firewall dropped as a result, although this might not be related.
>
>More info can be found on:
>http://www.f-secure.com/v-descs/bics.shtml
>
>Antigen picks the attachment up as I-Worm.WatchNet
>
>Keep an eye out and inform your users
>
>cheers
>
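
A gateway-side check for the two traits reported in the quoted message (a sender domain spoofed to match the recipient's, and the attachment pictures.jpg.exe), as an added example that is not part of the original thread. The extension lists, function names and the sample message are assumptions constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr

# Illustrative extension sets (assumptions, not exhaustive).
EXECUTABLE_EXTS = {"exe", "scr", "pif", "com", "bat", "cmd"}
DECOY_EXTS = {"jpg", "jpeg", "gif", "png", "txt", "doc", "pdf", "htm", "html"}

def domain_of(header_value):
    """Lower-cased domain of the address in a From/To header ('' if none)."""
    addr = parseaddr(str(header_value or ""))[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def has_decoy_double_extension(filename):
    """True for names like pictures.jpg.exe: harmless-looking extension, then an executable one."""
    # Windows ignores trailing dots and spaces, so strip them before splitting.
    parts = filename.lower().rstrip(". ").split(".")
    return len(parts) >= 3 and parts[-1] in EXECUTABLE_EXTS and parts[-2] in DECOY_EXTS

def inspect_message(raw_bytes):
    """Return a list of findings for one inbound message received from outside."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    sender, rcpt = domain_of(msg["From"]), domain_of(msg["To"])
    # Weak signal alone: only meaningful for mail arriving from outside the organisation.
    if sender and sender == rcpt:
        findings.append("sender-domain-matches-recipient")
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if has_decoy_double_extension(name):
            findings.append("double-extension:" + name)
    return findings

def build_sample():
    """Constructed sample shaped like the report above; the payload is inert text."""
    m = EmailMessage()
    m["From"] = "james@example.com"
    m["To"] = "user@example.com"
    m["Subject"] = "constructed sample"
    m.set_content("constructed body")
    m.add_attachment(b"inert placeholder bytes", maintype="application",
                     subtype="octet-stream", filename="pictures.jpg.exe")
    return m.as_bytes()

if __name__ == "__main__":
    print(inspect_message(build_sample()))
```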