Lumension® Endpoint Intelligence Center


Overview

Threat Risk: MEDIUM
Destructivity: MEDIUM
Payload: Denial-of-service attack
Detection files published: 30 Oct 2003 03:00:00
Description created: 01 Nov 2003 06:06:00
Description updated: 01 Nov 2003 06:11:00
Malware type: WORM
Alias: W32/Bics.A
Spreading mechanism: EMAIL
Summary: None

W32/Mimail.C@mm

Spreading

This worm is quite similar to the Mimail.A email worm, except that it does not use any security vulnerabilities to execute.

When run, it copies itself to the Windows directory and installs itself in the registry so that it starts with Windows:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run NetWatch32 = [WINDIR]\netwatch.exe

Payload Details

The worm attempts to perform a denial-of-service attack against a set of addresses belonging to darkprofits.com.

Analysis

n/a

Removal

n/a


Last Updated: 12 Nov 2015 11:06:12