Security Firms Raise Threat Assessment Of New Worm
The worm, known as Mimail.C, is a variation of similar malicious code that was launched in August.
A self-mailing worm spread at such a rapid clip Friday that several security firms raised their threat assessments to alert users of the danger.
The worm, pegged as Mimail.C by most antivirus vendors, was discovered just after midnight Friday and is a variation of similar malicious code launched in August. That trend--one successful worm tweaked to create another--is nothing new; the most notable example has been a series of worms dubbed as Sobig, whose latest incarnation last struck in August and September.
Like its predecessor, Mimail.C attempts to steal confidential information from compromised machines and send the harvested data to predetermined E-mail addresses. The actual Windows applications it pickpockets are still under investigation, says Craig Schmugar, a virus research engineer at Network Associates Inc.
The worm is also coded to perform denial-of-service attacks against a pair of Web sites, Darkprofits.com and Darkprofits.net.
Mimail.C disguises its worm payload in a .zip file labeled as PHOTOS.ZIP and tries to trick users into opening the message and launching the file by spoofing the sender address as originating from the user's own domain and using a subject heading of "Re: our private photos."
Because it's a mass-mailed worm--and collects E-mail addresses from infected Windows systems to propagate--Mimail may clog mail servers or degrade network performance, Symantec Corp. said in an E-mailed alert.
But "it's nowhere near as effective in mailing itself as was Sobig," Schmugar says. Although there could be a spike in propagation, and thus E-mail traffic, as workers leave work and fire up their home PCs, Schmugar doesn't expect the worm to reach the rate of multiplication that Sobig achieved.
Nonetheless, antivirus organizations raised their alert levels to account for the pace of Mimail's spread. Network Associates, for instance, tagged the worm as a "medium" threat, while Symantec upped its assessment from a 2 to a 3 on its 1-to-5 system to designate virus danger.
Antivirus vendors such as Network Associates and Symantec have already refreshed their virus definitions to account for Mimail, and urge their users to update.
Other tactics to stymie Mimail include filtering for the .zip extension at the E-mail gateway and configuring antivirus software to sniff for malware embedded inside compressed files, says Ken Dunham, an analyst with iDefense, a security intelligence firm.
"Many corporations allow for .zip files to be transferred to others through E-mail," Dunham said in an E-mailed statement. "As a result, Mimail.C has the upper hand when infiltrating networks configured to allow .zip attachments."
The .zip attachment also gets by Microsoft's Outlook E-mail client, which automatically blocks a number of file types--ranging from .exe to .pif--but not .zip.
Infected PCs can be cleaned using an automated removal tool posted at BitDefender Inc.'s Web site. Additionally, Network Associates has listed instructions for manually eliminating Mimail on its site.
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Infographic: The State of DevOps in 2017Is DevOps helping organizations reduce costs and time-to-market for software releases? What's getting in the way of DevOps adoption? Find out in this InformationWeek and Interop ITX infographic on the state of DevOps in 2017.
Digital Transformation Myths & TruthsTransformation is on every IT organization's to-do list, but effectively transforming IT means a major shift in technology as well as business models and culture. In this IT Trend Report, we examine some of the misconceptions of digital transformation and look at steps you can take to succeed technically and culturally.