All About Symbian - Nokia (S60) and Sony Ericsson (UIQ) smartphones unwrapped

  #1  
Old 03-11-2003, 01:50 AM
Edgedale
Moderator
Join Date: Sep 2002
Location: Coral Edge, Edgedale Plains, Singapore
Posts: 1,335
Security Warning: Worm on the loose

The Mimail worm spreads in e-mails as a ZIP archive that contains the worm's executable with the PHOTOS.JPG.EXE name. The worm tries to perform a DoS (Denial of Service) attack on certain sites and to steal information from infected computer users.


[Description]:

The worm's file is a PE executable 12832 bytes long, packed with the UPX file compressor. The unpacked file's size is 28192 bytes.

Spreading in e-mails
--------------------

The worm spreads in e-mails as a ZIP archive that contains the worm's executable with the PHOTOS.JPG.EXE name. The worm fakes the sender's e-mail address by composing it from 'james@' and the domain name of a recipient. An infected message looks like this:

From:

james@recipient_domain_name

Subject:

Re[2]: our private photos <some random characters>

Body:

Hello Dear!,

Finally i've found possibility to right u, my lovely girl
All our photos which i've made at the beach (even when u're without ur bh)
photos are great! This evening i'll come and we'll make the best SEX

Right now enjoy the photos.
Kiss, James.
<some random characters>

Attachment:

photos.zip

The worm does not use any exploits to make its file start automatically on a recipient's system. The worm will infect a recipient's computer only when he/she unpacks the executable file from the archive and runs it.

To collect victims' e-mail addresses, the worm scans all files on a hard drive except those with the following extensions:

bmp
jpg
gif
exe
dll
avi
mpg
mp3
vxd
ocx
psd
tif
zip
rar
pdf
cab
wav
com

The addresses are saved into the EML.TMP file located in the Windows directory.

The worm tries to contact the recipient's SMTP server directly. For this purpose it tries to resolve the current user's DNS server and search for SMTP server info for the recipient's domain.
__________________
There's no stupid question just stupid answer

"Ask and you will get. Seek and you will find"
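
A mail-gateway style check for the two traits described in the post above (a ZIP attachment holding a NAME.JPG.EXE style member, and a 'james@' sender on the recipient's own domain), as an added example that is not part of the original post. The extension sets, function names and the example.org sample message are assumptions made for illustration; the sample archive holds harmless placeholder bytes.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import getaddresses, parseaddr

EXEC_EXT = {"exe", "scr", "pif", "com", "bat", "cmd"}    # assumed executable set
DECOY_EXT = {"jpg", "jpeg", "gif", "bmp", "txt", "doc"}  # assumed decoy set

def double_extension_members(zip_bytes):
    """Return ZIP member names shaped like NAME.<decoy>.<executable>."""
    hits = []
    try:
        with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
            for name in zf.namelist():
                parts = name.rsplit("/", 1)[-1].lower().split(".")
                if len(parts) >= 3 and parts[-1] in EXEC_EXT and parts[-2] in DECOY_EXT:
                    hits.append(name)
    except zipfile.BadZipFile:
        pass  # unreadable archive: leave it to the gateway's other checks
    return hits

def sender_mimics_recipient_domain(msg):
    """True when From is james@<domain> and a To address shares that domain."""
    local, _, domain = parseaddr(str(msg.get("From", "")))[1].lower().partition("@")
    to_headers = [str(h) for h in msg.get_all("To", [])]
    rcpt_domains = {addr.lower().rpartition("@")[2] for _, addr in getaddresses(to_headers)}
    return local == "james" and domain != "" and domain in rcpt_domains

def inspect(raw):
    """Parse a raw message and report both indicators."""
    msg = message_from_bytes(raw, policy=policy.default)
    members = []
    for part in msg.iter_attachments():
        if (part.get_filename() or "").lower().endswith(".zip"):
            members += double_extension_members(part.get_payload(decode=True))
    return {"spoofed_sender": sender_mimics_recipient_domain(msg), "double_ext": members}

def build_sample():
    """Constructed sample message; the archive member is placeholder bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("PHOTOS.JPG.EXE", b"placeholder")
    m = EmailMessage()
    m["From"], m["To"] = "james@example.org", "alice@example.org"
    m["Subject"] = "Re[2]: our private photos"
    m.set_content("constructed test body")
    m.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="photos.zip")
    return m.as_bytes()

if __name__ == "__main__":
    print(inspect(build_sample()))
```

Either indicator alone can occur in legitimate mail, so a gateway would normally quarantine only when both are present or weight them with its other checks.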
All times are GMT.