| VIRUS ALERT
Virus Name:
W32/Mimail@MM
We would like to make all our users aware of a new virus doing the rounds. The virus spreads via email, and fakes the from address of the email. This fake email address is of the form "admin@
". Please note that webonline
does not make use of the email address admin@webonline.co.za
or admin@webonline.biz
for any communications with our clients.
Our email virus scanner has so far been effective against this threat and has blocked all of these virusses to our users.
The virus is received as an email attachment with the following characteristics:
From:
Admin (ADMIN@your_domain)
Subject:
your account %user%
Importance:
High
Hello there,
I would like to inform you about important information regarding your email
address. This email address will be expiring. Please read attachment for details.
--- Best regards, Administrator
Attachment: message.zip
The attached .ZIP file contains a file named MESSAGE.HTM. This file uses the codebase exploit (MS02-015) and MHTML exploit (MS03-014) to automatically create the file foo.exe in the Temporary Internet Files folder and run it. Note: The MS03-014 patch must be applied to prevent the automatic execution of the executable when accessing the MESSAGE.HTM file.
Reference:
http://vil.nai.com/vil/content/v_100523.htm
| 