Home / malware Email-Worm:W32/Mimail.G
First posted on 26 July 2010.
Source: SecurityHomeAliases :
There are no other names known for Email-Worm:W32/Mimail.G.
Explanation :
This type of worm is embedded in an e-mail attachment, and spreads using the infected computer's e-mailing networks.
Additional DetailsEmail-Worm:W32/Mimail.G is a worm that propagates in infected e-mail message attachments. The worm is also capable of launching Denial of Service (DoS) attacks on certain websites.
Mimail.G closely resembles the Mimail.C variant.
Mimail.G was found on 2 November, 2003.
Installation
Mimail.G is almost identical to the Mimail.C variant, except in the following points:
1. Mimail.G worm's file is 10784 bytes long, compressed with UPX file compressor and the unpacked file's size is 22560 bytes.
2. The worm installs itself to Windows folder as SYSLOAD32.EXE file and creates a startup key in the Registry:
€ [HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
"SystemLoad32" = "%windir\sysload32.exe"
where %windir% is a Windows directory name.
3. The worm performs a DoS attack on the following sites:
€ mysupersales.com € www.mysupersales.com
4. The worm spreads itself in the following message:
From: john@
Subject: don't be late!
Body:
Will meet tonight as we agreed, because on Wednesday I don't think I'll make it,
so don't be late. And yes, by the way here is the file you asked for.
It's all written there. See you.
Attachment: readnow.zip
The attachment is a ZIP archive that contains the worm's executable file (READNOW.DOC.SCR).
5. Mimail.G does not have Mimail.C's spying functionality.Last update 26 July 2010
