Win32.MMail.A
Discovered January 26, 2004 at 6:06PM EST
Detected January 26, 2004 at 7:49PM EST
Added to referencefile 252 (01R252 27.01.2004)
Also Known As: W32.Novarg.A@mm, W32.Mydoom@MM, W32.Shimg, WORM_MIMAIL.R
Worm emails itself to datamined email addresses. The recipient will receive an email with various headings, including:
- Hi
- Hello
- Error
- MAIL DELIVERY SYSTEM
- Mail Transaction Failed
- Returned Mail: Response Error
- Server Report
- Test
Upon execution, it will drop taskmon.exe and shimgapi.dll in the %system% folder, and set taskmon.exe to autostart in the HKLM\Software\Microsoft\Windows\CurrentVersion\Run subkey.
This worm also performs denial of service attacks on several websites, which are dependent on the system time of the infected computer.
If you receive this email, do not open it. Immediately delete the email.
