Computer Advisory Notification

Home Table of Contents News Archive CANs Subscribe Products Services Promotions Pricing & Policies About Us Contact Us Links Search This Site Employee Intranet

CAN20031103a
Mimail.D and Mimail.E Worm Variants

Modified Versions of Mimail.C Worm Can Cause Loss of Bandwidth, Denial of Service Attacks

Dates & Revisions

  • Original CAN date: November 3, 2003
  • Latest revision: November 3, 2003

Systems Affected

  • Microsoft Windows 95
  • Microsoft Windows 98
  • Microsoft Windows ME
  • Microsoft Windows NT
  • Microsoft Windows 2000
  • Microsoft Windows XP
  • Microsoft Windows Server 2003
    •

Problem Overview

Two variants of the Mimail.C worm, known as Mimail.D and Mimail.E have been discovered over the last couple of days to be working their way across the Internet as quickly as the Mimail.C worm we warned you about just a few days ago in CAN2031031a. These two new worms are simply variations of the Mimail.C worm with slight changes to their contents and intended targets.

Both variants have the following characteristics:

From: john@<current domain> (The from address may be spoofed to appear that it is coming from the current domain)
Subject: don't be late! [followed by random sequence of letters]
Attachment: readnow.zip (which contains the actual code of the worm)

With either variant, the worm will attempt to send copies of itself to every e-mail address it finds on your computer, which may cause system instability and/or a loss of bandwidth. Both variants also attempt to perform denial-of-service attacks on certain commercial web sites, which further multiplies the effect of loss of bandwidth on an infected system.

Problem Details

For detailed technical descriptions of the problem, please review the following links:

Please note that the organizations controlling the content of the web sites referenced by these links may periodically update the information on their sites as new details about the severity of the threat become known.

What Should I Do?

You should immediately:

  • review the bulletins listed above and
  • delete any such e-mail which you receive without opening the attachment, and
  • update your anti-virus software with the latest available signature files.

What If I Am Unable To Fix The Problem?

If you are unable to correct these problems yourself or are unsure how to proceed, contact Logical Operators by clicking here and arrange to have one of our service technicians check your system and apply the corrections for you (standard service fees will apply). In addition to correcting the problem(s) listed in this CAN, our technicians can also test your system for thousands of other known threats which may be present on your system, make valuable recommendations on securing your system from future threats, and perform numerous other computing services.

Related Information:
 

Recent CAN Newsletters:
 

Recent CANs:

 

If You Are On A Managed Network...

If your computer is on a managed network, you should contact your network administrator before making any changes to your system to ensure that your changes will not conflict with other network services.

What Is A CAN?

You can read an overview of Computer Advisory Notifications by visiting the CANs home page. Complete instructions on how to subscribe to the CANs mailing list (and how to unsubscribe) are also listed there.

If you know of other computer users who would find this information useful, please forward a link to this page or your original CANs e-mail to them.