E-mail this

  • Home

  • Search
  • Send Comments
  • What's New
  • Hottest 25
      Legends

  • Odd News
  • Glossary
  • FAQ

  • Autos
  • Business
  • Cokelore
  • College
  • Computers

  • Crime
  • Critter Country
  • Disney
  • Embarrassments
  • Food

  • Glurge Gallery
  • History
  • Holidays
  • Horrors
  • Humor

  • Inboxer Rebellion
  • Language
  • Legal
  • Lost Legends
  • Love

  • Luck
  • Media Matters
  • Medical
  • Military
  • Movies

  • Music
  • Old Wives' Tales
  • Photo Gallery
  • Politics
  • Pregnancy

  • Quotes
  • Racial Rumors
  • Radio & TV
  • Religion
  • Risqué Business

  • Science
  • September 11
  • Sports
  • Titanic
  • Toxin du jour

  • Travel
  • Weddings

  • Message Archive
 
Home --> Computers --> Virus Hoaxes & Realities --> Mimail

Mimail

Virus name:   Mimail   (message.zip)

Status:   Real.

Example:   [Collected on the Internet, 2003]

From: admin@yahoo.com
Subject: your account

Hello there,

I would like to inform you about important information regarding your
email address. This email address will be expiring.
Please read attachment for details.

---
Best regards, Administrator
auaaaoia

Origins:   Mimail, a self-replicating worm, hit the Internet in August 2003. It replicates by sending a message purporting to come from an administrative account at the recipient's e-mail domain (i.e., if the recipient's e-mail address is <user@snopes.com>, the return address on the Mimail-infected message will be <admin@snopes.com>) which warns the reader that his "email address will be expiring" and that he needs to "read [the] attachment for details." The attachment is an archive file named Message.zip (because ZIP attachments are not screened out by some mail filters) which contains the file Message.htm. The Message.htm file exploits a flaw in Microsoft Outlook Express to create and execute a worm (using the filename Foo.exe) which replicates itself by sending out more e-mail from the infected system.

The Mimail worm does not appear to cause any damage to the systems it infects (other than using them as bases from which to spread itself). Microsoft has released a patch for Outlook Express which closes the security hole exploited by Mimail. Symantec has also issued a removal tool to clean Mimail-infected systems.

Additional Information:
Information on Mass Mailer Worm W32/Mimail@MM Information on Mass Mailer Worm W32/Mimail@MM
(Microsoft)
W32.Mimail.A@mm W32.Mimail.A@mm
(Symantec)
Last updated:   28 January 2008

Urban Legends Reference Pages © 1995-2014 by snopes.com.
This material may not be reproduced without permission.
snopes and the snopes.com logo are registered service marks of snopes.com.