|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: Mimail.C (Denial of Service Attack)
From: K-OTiK Security (Special-Alerts
k-otik.com)
Date: Fri Oct 31 2003 - 17:06:03 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
In-Reply-To: <20031031151823.26363.qmailsf-www1-symnsj.securityfocus.com>
it seems that this worm attempts to launch a Denial of Service Attack by sending a large amount of data to known servers (port 80 / ICMP). The worm verifies that a connection is active by contacting google.com, then the DoS is launched against "darkprofits" domains (marketing operation ?)
Due to an increased rate of submissions Symantec Security Response has upgraded W32.Mimail.Cmm to a Category 3 threat from a Category 2 threat.
http://securityresponse.symantec.com/avcenter/venc/data/w32.mimail.cmm.html
http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=100795
Regards.
K-OTik Staff /// http://www.k-otik.com
>From: Alan <alan.tennenty3kgroup.com>
>To: bugtraqsecurityfocus.com
>Subject: Mimail.C
>
>
>
>The irritation has begun :/
>A new version of Mimail.C has cropped up. It spoofs the recipients domain and sends the mail as 'james<spoofed domain>' and has an attachment: pictures.jpg.exe
>
>Some clients have reported massive amounts of lag due to its mass mailing and one client's firewall dropped as a result, although this might not be related.
>
>More info can be found on:
>http://www.f-secure.com/v-descs/bics.shtml
>
>Antigen pics the attachment up as I-Worm.WatchNet
>
>Keep an eye out and inform your users
>
>cheers
>
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]