That was their old one. They have it now: http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=100523 JayW >>> <Michael.Washingtonat_private> 08/01/03 01:24PM >>> McAfee here identified it as EXPLOIT-CODEBASE, but this is listed as known in their dictionary since 2002. May be a misidentification on engine's part. No cleaner was yet available. Checking with McAfee Avert and WebImmune. Danny <drh26at_private To: incidentsat_private > cc: Subject: WORM_MIMAIL.A Anyone have any info on what this does yet? 08/01/2003 12:56 PM We are getting flooded with these little puppies, does anyone have any additional info on what this thing does once it infects a host? I'll be infecting a box to test myself after i send this email but if anyone has done testing already it would great to hear your input. Norton have released a Def for this and identify the virus as WORM_MIMAIL.A (http://securityresponse.symantec.com/avcenter/venc/data/ w32.mimail.aat_private) If any one would like a copy of the original code you can get it at http://akasha.irt.drexel.edu/message.zip Danny Work - http://www.eBoundary.com - Secure, FreeBSD hosting. Play - http://www.eBoundary.net - Who really sets your electronic boundaries? AIM: eBoundaryTch | ICQ: 3090141 --------------------------------------------------------------------------- ---------------------------------------------------------------------------- --------------------------------------------------------------------------- ---------------------------------------------------------------------------- --------------------------------------------------------------------------- ----------------------------------------------------------------------------
This archive was generated by hypermail 2b30 : Fri Aug 01 2003 - 14:04:20 PDT