The Mimail worm, an ordinary mass-mailing worm that first appeared this past August, has spawned four new variants that began invading the wild last Friday. The original Mimail worm did nothing more than cull email addresses and propagate itself. The new variants are far more aggressive, launching DoS attacks against several anti-spam Web sites and online retailers, including one gaming retailer.
As of Monday morning, some sites were being slowed down, while others were not able to be accessed.
''Everyone should be on guard against a possible surge in MiMail activity as the business week resumes,'' says Ken Dunham, director of malicious code at iDefense, Inc., a security intelligence firm based in Reston, Va. ''New variants may continue to emerge in the wild and thousands of MiMail e-mails are now waiting to be opened by unsuspecting users as the business week resumes.''
Anti-virus analysts say the worms are targeting sites, such as www.spamhaus.org, www.spews.org, mysupersales.com, spamcop.net, and darkprofits.com.
''These sites are probably getting hit with a lot of traffic,'' says Belthoff. ''The question is why are they targeting these sites? Are they spammers trying to send a message? Are they just virus writers trying to see if some new technique will work?''
Belthoff adds that while the worms aren't specifically damaging the computers they're infecting, the worms are causing them to slow down because of the amount of email traffic they're generating.
''If you've got a large network that's getting infected, then your network will slow down greatly,'' he adds. ''Do the people running these anti-spam sites find them destructive? Absolutely. If a big corporate network is being slowed down, is that destructive? You bet.'' It's destructive to business.