Virus Alert: New Version of Mimail Detected

14 Nov 2003
Virus News


Kaspersky Lab has detected a new version of the Mimail Internet worm in the wild. Preliminary investigations suggest that the Mimail.i worm could pose a signinficant threat. Like its predecessors, the latest version of Mimail spreads as an email attachment, which in this case is named paypal.asp.scr. The worm gains control over victim machines only if the attachment is opened. If the victim does launch Mimail, the worm opens a dialogue box where it asks for PayPal credit card information. Any data that is entered is saved in a file named ppinfo.sys, which the worm mails to the virus writer. The defence against Mimail.i has already been added to the Kaspersky Anti-Virus database. A detailed description of Mimail.i is available in the Kaspersky Virus Encyclopedia.