Re: WORM_MIMAIL.A Anyone have any info on what this does yet?

From: Michael.Washingtonat_private
Date: Fri Aug 01 2003 - 11:24:36 PDT


    McAfee here identified it as EXPLOIT-CODEBASE, but this is listed as known
    in their dictionary since 2002.  May be a misidentification on engine's
    part.  No cleaner was yet available.  Checking with McAfee Avert and
    WebImmune.
    
    Danny <drh26at_private>
    To: incidentsat_private
    cc:
    Subject: WORM_MIMAIL.A Anyone have any info on what this does yet?
    08/01/2003 12:56 PM
    
    We are getting flooded with these little puppies, does anyone have any
    additional info on what this thing does once it infects a host?
    I'll be infecting a box to test myself after I send this email but if
    anyone has done testing already it would be great to hear your input.
    
    Norton have released a Def for this and identify the virus as
    WORM_MIMAIL.A
    (http://securityresponse.symantec.com/avcenter/venc/data/
    w32.mimail.aat_private)
    
    If anyone would like a copy of the original code you can get it at
    http://akasha.irt.drexel.edu/message.zip
    
    
    
    Danny
    Work - http://www.eBoundary.com - Secure, FreeBSD hosting.
    Play - http://www.eBoundary.net - Who really sets your electronic
    boundaries?
    AIM: eBoundaryTch  | ICQ: 3090141
    
    
    



    This archive was generated by hypermail 2b30 : Fri Aug 01 2003 - 11:54:13 PDT