Email security company MessageLabs has intercepted a new variant of the Mimail email worm -- 32/Mimail.L-mm.
This newest member of the Mimail worm family targets, attacks and attempts to paralyze a number of anti-spam organisations by storming them with unwanted network traffic, and cheating users into bombing them with email.
The Mimail.L worm arrives as a small, executable ZIP attachment to an email with a faked address. The subject line is 'Re[2]' and the message text begins: 'Hi Greg it's (sic) Wendy -- I was shocked, when I found out that it wasn't you but your twin brother!!!'. The rest of the message is pornographic.
The W32/Mimail.L virus hijacks the infected computer and copies itself to the windows folder (look for xu39reu.tmp and x8wui12s.tmp). Once infected, it is open to remote control and will attempt to launch Denial of Service (DoS) attacks against a number of websites, including the anti-spam organisations Spamhaus.org, SpamCop.net, and SPEWS.org.
In an interesting twist, the worm can also launch an email informing recipients that their credit card is to be billed on a weekly basis for 'membership' and that child pornography CDs have been sent to the billing address. To cancel, recipients must send their credit card details to security@europe.spamhaus.org.
MessageLabs first came across the virus on the 1 December in an email that originated in Germany.
A statement released by MessageLabs reported that 288 instances of the virus had been intercepted, and that the majority of the virulent emails had been sent from the US.
The fast-spreading Mimail family of worms dominated anti-virus firms' lists last month.
-1.jpg&w=100&c=1&s=0)
.png&w=100&c=1&s=0)
