Re: Mimail.C (Denial of Service Attack)

[K-OTiK Security <Special-Alerts () k-otik com>]

In-Reply-To: <20031031151823.26363.qmail () sf-www1-symnsj securityfocus com>

it seems that this worm attempts to launch a Denial of Service Attack by sending a large amount of data to known 
servers (port 80 / ICMP). The worm verifies that a connection is active by contacting google.com, then the DoS is 
launched against "darkprofits" domains (marketing operation ?)

Due to an increased rate of submissions Symantec Security Response has upgraded W32.Mimail.C@mm to a Category 3 threat 
from a Category 2 threat. 

http://securityresponse.symantec.com/avcenter/venc/data/w32.mimail.c () mm html
http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=100795

Regards.
K-OTik Staff /// http://www.k-otik.com


> From: Alan <alan.tennent () y3kgroup com>
> To: bugtraq () securityfocus com
> Subject: Mimail.C
>
>
>
> The irritation has begun  :/
> A new version of Mimail.C has cropped up.  It spoofs the recipients domain and sends the mail as 'james@<spoofed 
> domain>' and has an attachment: pictures.jpg.exe
>
> Some clients have reported massive amounts of lag due to its mass mailing and one client's firewall dropped as a 
> result, although this might not be related.
>
> More info can be found on:
> http://www.f-secure.com/v-descs/bics.shtml
>
> Antigen pics the attachment up as I-Worm.WatchNet
>
> Keep an eye out and inform your users
>
> cheers