New Mimail Spam Worm Zeroes In on PCs

Just in time for Halloween, a new spam relay worm has begun to circulate via e-mail attachments, aiming to turn PCs into e-mail-spewing zombies.

The worm, dubbed “Mimail.C,” is yet another iteration of the hearty W32 malware strain. It affects PCs running Windows 95 through Windows XP and was first discovered spreading through Europe and the United States on Friday. Internet security company Network Associates rated Mimail.C a medium-level threat.

According to an advisory sent out by IT security firm Guardent, the new Mimail worm does not appear to be destructive. However, because it replicates itself using address books from infected PCs, it has the potential to cause denial-of-service (DoS) outages.

Trick, No Treat

Emory Lundberg, a senior network security engineer at Guardent, told the E-Commerce Times that Mimail.C is not unique, but rather uses the same methods as other worms in its category.

“This one appeals to those who want to see naked pictures,” he said. “People click on it perhaps hoping this time it’s not a virus — but it is.”

The e-mail arrives in a victim’s inbox with the subject line: ” Re[2]: our private photos (random characters here),” while the body of the message reads:

“Hello Dear!,Finally, i’ve found possibility to right u, my lovely girl :)All our photos which i’ve made at the beach (even when u’re withouur bh:))photos are great! This evening i’ll come and we’ll make the best SEX:)Right now enjoy the photos.Kiss, James.(random characters here)”

The worm hides within an e-mail attachment named PHOTOS.ZIP and is activated when a potential victim clicks on it.

Checking Up

Lundberg noted that a possible vulnerability in Outlook Express could activate this Mimail worm even when it has not been opened.

“Part of the problem is that Outlook Express formats messages based on Internet Explorer, so even if you have set up preferences [to be] secure, those settings can still change if the settings in the Web browser are changed,” Lundberg explained.

He said a patch released by Microsoft last April fixes the vulnerability. However, too many people, particularly home users, fail to keep up with the patching process.

“It’s preventative, like getting a checkup at the doctor,” Lundberg said, adding that users in this day and age should assume that attackers will try to compromise their PCs.

The Problem with Patches

Lundberg went on to say that companies like Microsoft increasingly are contacting users as much as possible, rather than relying on users to proactively download the appropriate patch.

However, this more active approach can be problematic for home users, many of whom still access the Internet with a dial-up connection, Gartner research director John Pescatore told the E-Commerce Times, noting that Microsoft’s patches tend to be enormous. “Some are around 34 megabytes in size,” he said. “If you have a dial-up connection, your phone lines could be tied up for four hours.”

Meanwhile, enterprises cannot use auto-update services because they first must assess patches and make sure the fixes do not conflict with existing network applications.

Pescatore noted that Microsoft’s Software Update Services (SUS) program is a good midway point for enterprises. With this service, patches are sent automatically to a company’s server, but IT administrators do not have to push the patches out to client PCs until they have passed all necessary tests.

Annoyance or Reminder?

Pescatore added that even though worms like Mimail are mostly annoyances, it is important to boost PC security anyway. In the future, he noted, similar worms could be set up to steal credit card numbers.

On a lighter note, he also suggested that future viruses and worms should be named the way hurricanes are — in alphabetical fashion.

“Virus names are getting kind of stupid,” he said.