
Mimail - A New Attack Via an Old Breach

2 August 2003



New fun and games from Russian virus writers

Kaspersky Lab, a leading expert in information security, would like to inform you about Mimail, a new Internet worm. Our round-the-clock technical support has already heard of numerous computers infected with this new worm.

Mimail is a typical Internet worm that spreads via email. Infected mail carries a false sender address, making it difficult to identify the sender, and contains the following text:

Subject: your account 'number' (this is a random number)
Body:
Hello there,
I would like to inform you about important information regarding your email address. This email address will be expiring.
Please read attachment for details.
Best regards, Administrator
Attached file: message.zip

Mimail is similar to other worms such as Klez and Lentin (Yaha) in that it enters through security breaches in Internet Explorer. The attachment, MESSAGE.ZIP, contains another file, MESSAGE.HTML. If the user opens MESSAGE.HTML, the embedded JavaScript runs via Exploit.SelfExecHTML and copies itself to files on disk. It then releases a carrier-file named VIDEODRV.EXE and registers this file in the Windows registry autorun key. Thus, VIDEODRV.EXE is launched every time the computer is rebooted. Mimail also creates several other files in the Windows directory: EXE.TMP (an HTML worm), ZIP.TMP (an archive worm) and EML.TMP (the email part).

Microsoft discovered the Exploit.SelfExecHTML problem in March 2002 and has released a special patch for Internet Explorer. Kaspersky Lab strongly recommends downloading this patch in order to prevent further security issues via this breach.

The rapid spread of Mimail is a good reminder that dangerous programs are not only found in EXE files. "It is always a good idea to check all files for viruses before booting up", comments Eugene Kaspersky, founder of Kaspersky Lab and head of anti-virus research.

Mimail continues to spread by scanning separate directories on the local hard drive. It extracts email-like text strings found there and records them into EML.TMP in the Windows directory. Mimail then uses a direct connection to the mail server to send copies of itself to these recipients.

Mimail is likely to be the work of Russian virus writers. The hackers used technology practically identical to the Trojan StartPage, which was also written in Russia.

"We were lucky this time", notes Eugene Kaspersky, "Mimail is a relatively harmless worm with no serious side effects. The danger is that Mimail takes advantage of a vulnerability in the Internet Explorer, which provides a dangerous precedent for other virus writers and hackers."

Security measures against Mimail can be found in the Kaspersky® Anti-Virus databases, while a more detailed description of the worm is available in the Kaspersky Virus Encyclopedia.
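
The message traits described above (the "your account" subject, an attachment named message.zip, and a message.html inside it) can be checked at a mail gateway or during mailbox triage. The following is an added example, not Kaspersky code: the function names, the loose match on the subject's trailing token and the sample messages are assumptions constructed for illustration.

```python
import io
import re
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# The page gives the subject as "your account" plus a random number; the
# trailing token is matched loosely as one word (assumption).
SUBJECT_RE = re.compile(r"^your account\s+\S+\s*$", re.IGNORECASE)

def mimail_lure_traits(raw: bytes) -> list:
    """Return which of the lure traits described above appear in one raw message."""
    msg = message_from_bytes(raw, policy=policy.default)
    traits = []
    if SUBJECT_RE.match(str(msg.get("Subject", ""))):
        traits.append("subject")
    for part in msg.iter_attachments():
        if (part.get_filename() or "").lower() != "message.zip":
            continue
        traits.append("attachment-name")
        try:
            # Inspect the archive listing only; nothing is extracted or opened.
            with zipfile.ZipFile(io.BytesIO(part.get_payload(decode=True))) as zf:
                names = [n.rsplit("/", 1)[-1].lower() for n in zf.namelist()]
        except zipfile.BadZipFile:
            traits.append("unreadable-zip")  # corrupt archive: flag for manual review
            continue
        if "message.html" in names:
            traits.append("html-in-zip")
    return traits

def build_sample(subject, zip_name, member) -> bytes:
    """Constructed test message with a harmless placeholder inside the zip."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, "<html>harmless placeholder</html>")
    msg = EmailMessage()
    msg["From"] = "admin@example.test"
    msg["To"] = "user@example.test"
    msg["Subject"] = subject
    msg.set_content("Please read attachment for details.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename=zip_name)
    return msg.as_bytes()

if __name__ == "__main__":
    print(mimail_lure_traits(build_sample("your account 48213", "message.zip", "message.html")))
    print(mimail_lure_traits(build_sample("Quarterly report", "report.zip", "notes.txt")))
```

A message that matches all three traits is a strong candidate for quarantine; a single trait on its own, such as the attachment name, is only a reason to look closer.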

