"It's the third Mimail variation to come after us, except this one is trying to do more," said Steve Linford, founder of The Spamhaus Project, a British-based group that singles out spammers. Spamhaus was hit by Mimail late on Monday.Source: Reuters
According to anti-virus and spam-filtering company Sophos Plc, the Mimail-L program comes as an attachment to an e-mail purporting to be from a woman named Wendy who details an erotic encounter and then offers naked photographs.
Clicking on the attachment activates the virus. Once triggered, the worm forwards itself to other email users.
The worm can also turn the affected PC into a "zombie", which can then be remotely commanded to bombard one of a select group of targets, such as Spamhaus, with a disabling blizzard of data -- a so-called denial-of-service attack.
In a new twist, a follow-up e-mail is sent to the infected user stating that an order for a CD containing images of child pornography will be delivered to their postal address. To stop the order, the e-mail advises, they should respond to what appears to be an e-mail address for billing complaints, but which is actually an e-mail for one of the eight targets.
"So many Internet users are flooding us with complaints about these child porn CDs that we supposedly ordered for them," said Linford, adding that he was cooperating with police.
He believes the worm was the work of one of three organised spam gangs that traffic in stolen credit cards and have hit him with distributed denial-of-service (DDOS) attacks in the past. "These guys write trojan (viruses), they carry out DDOS attacks and they get their money through selling stolen credit cards and spamming," Linford said.
Virus experts said the outbreak was light compared to the rash of worms and viruses that plagued the Internet last summer. "We have had reports in the dozens, not in the hundreds," said Graham Cluley, senior technology consultant for Sophos.
Security experts have been warning that some spammers have adopted virus-writing tactics to silence their biggest critics. The stakes are high. Anti-spam organisations create black-out lists of known spammers that are then distributed to other Internet service providers to automatically reject messages coming from these sources.
Spammers attack anti-spam organisations with W32/Mimail-L worm
Posted on Tuesday, Dec 02 2003 @ 19:52 CET by Thomas De Maesschalck
A very sad newspost that shows you once again how cruel the world can be. Anti-spam organisations are at the moment the target of a new worm called W32/Mimail-L, made by malicious spammers, that concentrates merely to hit anti-spam organisations: