New MiMail threat

Discussion in 'MCDST' started by Larry Samuels, Jan 29, 2004.

  1. MiMail.S (new highly polymorphic variant)
    http://www.symantec.com/avcenter/venc/data/
    http://vil.nai.com/vil/content/v_100989.htm
    http://www.f-secure.com/v-descs/mimail_s.shtml

    W32.Mimail.S@mm is a variant of W32.Mimail.A@mm. The worms display a
    dialog box prompting you for credit card information. The worm scans
    infected computers for email addresses, sending itself as an attachment
    to the addresses found. The message body and subject lines can vary.

    This one is highly polymorphic:

    Subject of email: Varies
    Name of attachment: Varies with .exe, .pif, or .scr file extension
    Size of attachment: 11,520 bytes
    Time stamp of attachment: n/a
     
    Larry Samuels, Jan 29, 2004
    #1
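
A gateway-side triage check built from the indicators in the alert above (attachment extensions .exe, .pif or .scr, attachment size 11,520 bytes), added here as an example and not part of the original post. The function names and the sample message are constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Indicators stated in the alert; everything else below is constructed.
RISKY_EXTENSIONS = (".exe", ".pif", ".scr")
REPORTED_SIZE = 11520  # attachment size in bytes, as given in the alert


def triage(raw: bytes) -> list:
    """Return one finding per attachment whose name ends in a risky extension."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.walk():  # walk() also reaches attachments in nested multiparts
        name = part.get_filename()
        if not name:
            continue
        # Windows ignores trailing dots and spaces, so "x.scr." still runs as .scr.
        name = name.strip().rstrip(". ").lower()
        if not name.endswith(RISKY_EXTENSIONS):
            continue
        size = len(part.get_payload(decode=True) or b"")
        findings.append({
            "filename": name,
            "size": size,
            # The size is only a supporting indicator; it raises priority
            # when it coincides with a risky extension.
            "size_matches_alert": size == REPORTED_SIZE,
            # Names like "photo.jpg.scr" look benign when extensions are hidden.
            "double_extension": name.count(".") >= 2,
        })
    return findings


def build_sample(filename: str, size: int) -> bytes:
    """Constructed message carrying a harmless zero-filled attachment."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "constructed sample"
    msg.set_content("body text")
    msg.add_attachment(b"\x00" * size, maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()


if __name__ == "__main__":
    for f in triage(build_sample("Document.TXT.scr.", REPORTED_SIZE)):
        print(f)
```

Because the subject and body vary, the check keys only on the attachment name and size; the extension match is the blocking criterion and the size match is a prioritisation hint.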

  2. Larry Samuels

    Consultant Guest

    how does this relate to the mcse certification?

    "Larry Samuels" <> wrote in message
    news:...
    > MiMail.S (new highly polymorphic variant)
    > http://www.symantec.com/avcenter/venc/data/
    > http://vil.nai.com/vil/content/v_100989.htm
    > http://www.f-secure.com/v-descs/mimail_s.shtml
    >
    > W32.Mimail.S@mm is variant of W32.Mimail.A@mm. The worms display a
    > dialog box prompting you for credit card information. The worm scans
    > infected computers for email addresses, sending itself as an attachment
    > to the addresses found. The message body and subject lines can vary.
    >
    > This one is highly polymorphic:
    >
    > Subject of email: Varies
    > Name of attachment: Varies with .exe, .pif, or .scr file extension
    > Size of attachment: 11,520 bytes
    > Time stamp of attachment: n/a
    >
    >
    >
     
    Consultant, Jan 29, 2004
    #2

  3. Anyone working as a network admin needs to be on the lookout for this one.
    Since hopefully most of us here are actually working in the industry (as
    opposed to going for bootcamps and braindumps to try getting into the
    industry) I thought it was relevant.

    --
    Larry Samuels
    Unofficial FAQ for Windows Server 2003 at
    http://pelos.us/SERVER.htm

    "Consultant" <> wrote in message
    news:...
    > how does this relate to the mcse certification?
    >
    > "Larry Samuels" <> wrote in message
    > news:...
    >> MiMail.S (new highly polymorphic variant)
    >> http://www.symantec.com/avcenter/venc/data/
    >> http://vil.nai.com/vil/content/v_100989.htm
    >> http://www.f-secure.com/v-descs/mimail_s.shtml
    >>
    >> W32.Mimail.S@mm is variant of W32.Mimail.A@mm. The worms display a
    >> dialog box prompting you for credit card information. The worm scans
    >> infected computers for email addresses, sending itself as an attachment
    >> to the addresses found. The message body and subject lines can vary.
    >>
    >> This one is highly polymorphic:
    >>
    >> Subject of email: Varies
    >> Name of attachment: Varies with .exe, .pif, or .scr file extension
    >> Size of attachment: 11,520 bytes
    >> Time stamp of attachment: n/a
    >>
    >>
    >>

    >
    >
     
    Larry Samuels, Jan 29, 2004
    #3
  4. Larry Samuels

    Consultant Guest

    i agree those who work on a network should be aware of this and other
    threats. that is why there are subscriptions to sans, etc. this is not
    tested as part of the mcse and therefore is irrelevant to this forum.


    "Larry Samuels" <> wrote in message
    news:OBLA$...
    > Anyone working as a network admin needs to be on the lookout for this one.
    > Since hopefully most of us here are actually working in the industry (as
    > opposed to going for bootcamps and braindumps to try getting into the
    > industry) I thought it was relevant.
    >
    > --
    > Larry Samuels
    > Unofficial FAQ for Windows Server 2003 at
    > http://pelos.us/SERVER.htm
    >
    > "Consultant" <> wrote in message
    > news:...
    > > how does this relate to the mcse certification?
    > >
    > > "Larry Samuels" <> wrote in message
    > > news:...
    > >> MiMail.S (new highly polymorphic variant)
    > >> http://www.symantec.com/avcenter/venc/data/
    > >> http://vil.nai.com/vil/content/v_100989.htm
    > >> http://www.f-secure.com/v-descs/mimail_s.shtml
    > >>
    > >> W32.Mimail.S@mm is variant of W32.Mimail.A@mm. The worms display a
    > >> dialog box prompting you for credit card information. The worm scans
    > >> infected computers for email addresses, sending itself as an attachment
    > >> to the addresses found. The message body and subject lines can vary.
    > >>
    > >> This one is highly polymorphic:
    > >>
    > >> Subject of email: Varies
    > >> Name of attachment: Varies with .exe, .pif, or .scr file extension
    > >> Size of attachment: 11,520 bytes
    > >> Time stamp of attachment: n/a
    > >>
    > >>
    > >>

    > >
    > >

    >
    >
     
    Consultant, Jan 29, 2004
    #4
  5. Certainly applicable to the audience, but an "OT -" in the subject would be
    appreciated.

    --
    Politician Spock
    Thug #24601


    "Larry Samuels" <> wrote in message
    news:OBLA$...
    > Anyone working as a network admin needs to be on the lookout for this one.
    > Since hopefully most of us here are actually working in the industry (as
    > opposed to going for bootcamps and braindumps to try getting into the
    > industry) I thought it was relevant.
    >
    > --
    > Larry Samuels
    > Unofficial FAQ for Windows Server 2003 at
    > http://pelos.us/SERVER.htm
    >
    > "Consultant" <> wrote in message
    > news:...
    > > how does this relate to the mcse certification?
    > >
    > > "Larry Samuels" <> wrote in message
    > > news:...
    > >> MiMail.S (new highly polymorphic variant)
    > >> http://www.symantec.com/avcenter/venc/data/
    > >> http://vil.nai.com/vil/content/v_100989.htm
    > >> http://www.f-secure.com/v-descs/mimail_s.shtml
    > >>
    > >> W32.Mimail.S@mm is variant of W32.Mimail.A@mm. The worms display a
    > >> dialog box prompting you for credit card information. The worm scans
    > >> infected computers for email addresses, sending itself as an attachment
    > >> to the addresses found. The message body and subject lines can vary.
    > >>
    > >> This one is highly polymorphic:
    > >>
    > >> Subject of email: Varies
    > >> Name of attachment: Varies with .exe, .pif, or .scr file extension
    > >> Size of attachment: 11,520 bytes
    > >> Time stamp of attachment: n/a
    > >>
    > >>
    > >>

    > >
    > >

    >
    >
     
    Politician Spock, Jan 29, 2004
    #5
  6. Larry Samuels

    JaR Guest

    "Politician Spock" <> wrote in message
    news:...
    > Certainly applicable to the audience, but an "OT -" in the subject would be
    > appreciated.
    >

    Picky, picky, picky
     
    JaR, Jan 29, 2004
    #6
  7. Dear Mr. Samuels,

    I would like you to know that I do not appreciate you posting computer
    virus outbreak security alerts onto this Microsoft newsgroup. I am getting
    inundated with calls by poor scared to death unsuspecting newbie wannabie
    MCSE candidates asking me how to better protect their silly Braindumps.

    Please stop this at once otherwise I will have to take legal action.

    Sincerely,
    John W. Thompson
    CEO and Chairman of Symantec Corporation
    http://www.symantec.com/corporate/ceo.html


    "Larry Samuels" <> wrote in news:OBLA$bo5DHA.1592
    @TK2MSFTNGP10.phx.gbl:

    > Anyone working as a network admin needs to be on the lookout for this one.
    > Since hopefully most of us here are actually working in the industry (as
    > opposed to going for bootcamps and braindumps to try getting into the
    > industry) I thought it was relevant.
    >
     
    John W. Thompson, Jan 29, 2004
    #7
  8. Larry Samuels

    JaR Guest

    "John W. Thompson" <> wrote in message
    news:Xns947F954B3F157rowdyyates2123@207.46.248.16...
    > Dear Mr. Samuels,
    >
    > I would like you to know that I do not appreciate you posting computer
    > virus outbreak security alerts onto this Microsoft newsgroup. I am getting
    > inundated with calls by poor scared to death unsuspecting newbie wannabie
    > MCSE candidates asking me how to better protect their silly Braindumps.
    >
    > Please stop this at once otherwise I will have to take legal action.
    >
    >


    Well, there goes another perfectly good keyboard.
     
    JaR, Jan 29, 2004
    #8
  9. Memo to Judy the intern

    RE: Keyboard replacement

    Dear Judy,

    Please arrange for new Symantec keyboard with special delete virus key to
    be shipped to JaR.

    Sincerely,
    John W. Thompson
    CEO and Chairman of Symantec Corporation
    http://www.symantec.com/corporate/ceo.html


    "JaR" <> wrote in news:#TJ$JPq5DHA.2312
    @TK2MSFTNGP12.phx.gbl:

    > "John W. Thompson" <> wrote in message
    > news:Xns947F954B3F157rowdyyates2123@207.46.248.16...
    >> Dear Mr. Samuels,
    >>
    >> I would like you to know that I do not appreciate you posting computer
    >> virus outbreak security alerts onto this Microsoft newsgroup. I am getting
    >> inundated with calls by poor scared to death unsuspecting newbie wannabie
    >> MCSE candidates asking me how to better protect their silly Braindumps.
    >>
    >> Please stop this at once otherwise I will have to take legal action.
    >>
    >>

    >
    > Well, there goes another perfectly good keyboard.
    >
    >
     
    John W. Thompson, Jan 29, 2004
    #9
  10. Larry Samuels

    Brat Guest

    "NNTP-Posting-Host: pcws185.dur.utoronto.ca 128.100.87.227" <--- hmmmm I
    wonder who lives in Toronto...


    and no it is not me :p

    --
    Sue "I do, do you?" Thugette #69

    "John W. Thompson" <> wrote in message
    news:Xns947F954B3F157rowdyyates2123@207.46.248.16...
    > Dear Mr. Samuels,
    >
    > I would like you to know that I do not appreciate you posting computer
    > virus outbreak security alerts onto this Microsoft newsgroup. I am getting
    > inundated with calls by poor scared to death unsuspecting newbie wannabie
    > MCSE candidates asking me how to better protect their silly Braindumps.
    >
    > Please stop this at once otherwise I will have to take legal action.
    >
    > Sincerely,
    > John W. Thompson
    > CEO and Chairman of Symantec Corporation
    > http://www.symantec.com/corporate/ceo.html
    >
    >
    > "Larry Samuels" <> wrote in news:OBLA$bo5DHA.1592
    > @TK2MSFTNGP10.phx.gbl:
    >
    > > Anyone working as a network admin needs to be on the lookout for this one.
    > > Since hopefully most of us here are actually working in the industry (as
    > > opposed to going for bootcamps and braindumps to try getting into the
    > > industry) I thought it was relevant.
    > >

    >
     
    Brat, Jan 29, 2004
    #10
  11. Larry Samuels

    Rowdy Yates Guest

    Hey, what the hell's going on! that's one of my users.

    <rowdy gets cranks up the Bolivian torture device - runs out of room in a
    rage - looking for the poor SOB>


    "Brat" <> wrote in news:#0iQ8Zq5DHA.1672
    @TK2MSFTNGP12.phx.gbl:

    > "NNTP-Posting-Host: pcws185.dur.utoronto.ca 128.100.87.227" <--- hmmmm I
    > wonder who lives in Toronto...
    >
    >
    > and no it is not me :p
    >




    --
    The Champ comes out swinging every morning @ 9AM.
    Remove the "removethis" from email address to email me.
    ==============
    I am Against-TCPA
    http://www.againsttcpa.com
    ==============
     
    Rowdy Yates, Jan 29, 2004
    #11
  12. Larry Samuels

    Brat Guest

    lol :p

    --
    Sue Thugette #69

    "Rowdy Yates" <> wrote in message
    news:Xns947F9E72EDE86rowdyyates2123@207.46.248.16...
    > Hey, what the hell's going on! that's one of my users.
    >
    > <rowdy gets cranks up the Bolivian torture device - runs out of room in a
    > rage - looking for the poor SOB>
    >
    >
    > "Brat" <> wrote in news:#0iQ8Zq5DHA.1672
    > @TK2MSFTNGP12.phx.gbl:
    >
    > > "NNTP-Posting-Host: pcws185.dur.utoronto.ca 128.100.87.227" <--- hmmmm I
    > > wonder who lives in Toronto...
    > >
    > >
    > > and no it is not me :p
    > >

    >
    >
    >
    > --
    > The Champ comes out swinging every morning @ 9AM.
    > Remove the "removethis" from email address to email me.
    > ==============
    > I am Against-TCPA
    > http://www.againsttcpa.com
    > ==============
     
    Brat, Jan 29, 2004
    #12
  13. Larry Samuels

    JaR Guest

    "Rowdy Yates" <> wrote in message
    news:Xns947F9E72EDE86rowdyyates2123@207.46.248.16...
    > Hey, what the hell's going on! that's one of my users.
    >


    Awwww! I s'pose this means I'm not gonna get that shiney! new keyboard
    w/virus delete key?

    >cranks up the Bolivian torture device -


    Can I get one of ^ those ^ instead?

    JaR
    Thug Torquemada
     
    JaR, Jan 29, 2004
    #13
  14. >>cranks up the Bolivian torture device -
    >
    >Can I get one of ^ those ^ instead?


    Why do you want one of those? So you can torture newbies? You thug
    you, people like you make me sick.

    Kline Sphere (Chalk) MCNGP #3
     
    The Poster Formerly Known as Kline Sphere, Jan 29, 2004
    #14
  15. OK Rowdy--you get to come clean the coffee off my monitor and keyboard.

    --
    Larry Samuels
    Unofficial FAQ for Windows Server 2003 at
    http://pelos.us/SERVER.htm

    "Rowdy Yates" <> wrote in message
    news:Xns947F9E72EDE86rowdyyates2123@207.46.248.16...
    > Hey, what the hell's going on! that's one of my users.
    >
    > <rowdy gets cranks up the Bolivian torture device - runs out of room in a
    > rage - looking for the poor SOB>
    >
    >
    > "Brat" <> wrote in news:#0iQ8Zq5DHA.1672
    > @TK2MSFTNGP12.phx.gbl:
    >
    >> "NNTP-Posting-Host: pcws185.dur.utoronto.ca 128.100.87.227" <--- hmmmm I
    >> wonder who lives in Toronto...
    >>
    >>
    >> and no it is not me :p
    >>

    >
    >
    >
    > --
    > The Champ comes out swinging every morning @ 9AM.
    > Remove the "removethis" from email address to email me.
    > ==============
    > I am Against-TCPA
    > http://www.againsttcpa.com
    > ==============
     
    Larry Samuels, Jan 29, 2004
    #15
  16. >OK Rowdy--you get to come clean the coffee off my monitor and keyboard.

    Can't you out source that to someone in India?

    Kline Sphere (Chalk) MCNGP #3
     
    The Poster Formerly Known as Kline Sphere, Jan 29, 2004
    #16
  17. Larry Samuels

    JaR Guest

    "The Poster Formerly Known as Kline Sphere" <.> wrote in message
    news:...
    > >>>

    > Why do you want one of those? So you can torture newbies? You thug
    > you, people like you make me sick.
    >
    >

    Ahhh. Thank you. It is good to be recognized by others in one's field.

    JaR
    Modest Thug
     
    JaR, Jan 29, 2004
    #17
  18. Larry Samuels

    JaR Guest

    "The Poster Formerly Known as Kline Sphere" <.> wrote in message
    news:...
    > >>

    > Can't you out source that to someone in India?
    >


    He doesn't need to. That's what H1B's are for.
     
    JaR, Jan 29, 2004
    #18
  19. Larry Samuels

    Rowdy Yates Guest

    Hey, enough of that!! what are you trying to do? get me out of a job?

    The Poster Formerly Known as Kline Sphere <.> wrote in
    news::

    >>OK Rowdy--you get to come clean the coffee off my monitor and keyboard.

    >
    > Can't you out source that to someone in India?
    >
    > Kline Sphere (Chalk) MCNGP #3




    --
    Rowdy Yates
    I am Against-TCPA
    http://www.againsttcpa.com
     
    Rowdy Yates, Jan 29, 2004
    #19