Skip to main contentAccess keys help

[an error occurred while processing this directive]
Low graphics|Accessibility help
BBC News
watch One-Minute World News
News Front Page
Africa
Americas
Asia-Pacific
Europe
Middle East
South Asia
UK
Business
Health
Science & Environment
Technology
Entertainment
Also in the news
-----------------
Video and Audio
-----------------
Programmes
Have Your Say
In Pictures
Country Profiles
Special Reports
RELATED BBC SITES
Last Updated: Monday, 4 August, 2003, 10:56 GMT 11:56 UK
E-mail this to a friend Printable version
Virus poses as admin e-mail
Screengrab of e-mail worm
The worm spoofs the domain name of businesses
People are being warned to be on the lookout for a Windows e-mail virus which pretends to be a message from computer support staff.

The worm, dubbed Mimail, first struck on Friday in the US but it has enjoyed a resurgence with people returning to work after the weekend.

Anti-virus firm Sophos said it had noticed a big increase in infections, suggesting that employees had gone to work and opened the e-mail worm, causing it to spread to all their contacts.

"The Mimail worm is getting a second lease of life as UK businesses log on to start a new working week," said Graham Cluley, Sophos senior technology consultant.

"While US firms have been patching their systems against this threat, their UK counterparts have been enjoying a sunny weekend, blissfully unaware that a virus is sitting on their e-mail system just waiting to be unleashed."

Rogue mail

The Mimail worm arrives in an e-mail claiming to be from the company's computer support department.

Users need to think carefully before they launch any attachment, even if it does appear to come from a bona fide e-mail address
Graham Cluley, Sophos
In order to trick people into opening the message, it spoofs the domain name of the business's e-mail address, so a mail to a BBC address would look like [email protected]

The message says that your e-mail account will soon expire and urges you to read the attached information.

The attachment, called message.zip, contains an html file which is a copy of the worm. When opened, it searches the computer's hard drive for e-mail addresses for its next round of victims.

The worm takes advantage of a vulnerability in Microsoft's Internet Explorer and could potentially clog mail servers or slow down networks.

"Mimail's author has gone to great lengths to disguise his code as a legitimate e-mail," said Mr Cluley.

"However Mimail's text does leave a vital clue that it is a rogue e-mail - business e-mail accounts don't expire.

"Users need to think carefully before they launch any attachment, even if it does appear to come from a bona fide e-mail address."

Virus writers are always on the lookout for ways to trip up unsuspecting computer users.

In the past they have disguised worms as a messages from Microsoft support and used celebrities such as Avril Lavigne and Anna Kournikova.



E-mail this to a friend Printable version

SEE ALSO:
Computer viruses on the up
01 Jul 03  |  Technology
Anti-virus fight gets tough
12 Jun 03  |  Technology
Spammers and virus writers unite
30 Apr 03  |  Technology
Viruses bite businesses hard
29 Apr 03  |  Technology
New Bugbear beats its ancestor
06 Jun 03  |  Technology
Net security threats turn devious
08 Aug 02  |  Technology
Mobile virus threat looms large
28 Jan 03  |  Technology


RELATED INTERNET LINKS:
Symantec: Mimail
MessageLabs
Sophos: Mimail
Microsoft patch
The BBC is not responsible for the content of external internet sites

TOP TECHNOLOGY STORIES
US lifts lid on WikiLeaks probe
Bing gains market share in search
'Virtual human' makes Xbox debut

PRODUCTS AND SERVICES

News Front Page | Africa | Americas | Asia-Pacific | Europe | Middle East | South Asia
UK | Business | Entertainment | Science/Nature | Technology | Health
Have Your Say | In Pictures | Week at a Glance | Country Profiles | In Depth | Programmes
AmericasAfricaEuropeMiddle EastSouth AsiaAsia Pacific