Five new variants of a mass-mailing worm are infecting computers around the globe and
launching denial-of-service attacks — some against well-known anti-spam Web sites.
The Mimail worm, an ordinary mass-mailing worm that first appeared this past August, has
spawned four new variants that began invading the wild last Friday. The original Mimail worm
did nothing more than cull email addresses and propagate itself. The new variants are far
more aggressive, launching DoS attacks against several anti-spam Web sites and online
retailers, including one gaming retailer.
As of Monday morning, some sites were being slowed down, while others were not able to be accessed.
”Everyone should be on guard against a possible surge in MiMail activity as
the business week resumes,” says Ken Dunham, director of malicious code at iDefense, Inc.,
a security intelligence firm based in Reston, Va. ”New variants may continue to emerge in
the wild and thousands of MiMail e-mails are now waiting to be opened by unsuspecting
users as the business week resumes.”
Chris Belthoff, a senior security analyst at Lynnfield, Mass.-based anti-virus company,
Sophos, Inc., notes that the worms contain a Zip file, which contains an executable. The
file will harvest email addresses from the computer’s hard drive, propagate itself and then
launch the DoS attacks. The subject line may read, ‘Don’t be late’, and the text will refer
to a planned meeting and a file that the email recipient supposedly requested. Other
variants refer to pictures from a trip to the beach.
Anti-virus analysts say the worms are targeting sites, such as www.spamhaus.org,
www.spews.org, mysupersales.com, spamcop.net, and darkprofits.com.
”These sites are probably getting hit with a lot of traffic,” says Belthoff. ”The
question is why are they targeting these sites? Are they spammers trying to send a message?
Are they just virus writers trying to see if some new technique will work?”
Belthoff adds that while the worms aren’t specifically damaging the computers they’re
infecting, the worms are causing them to slow down because of the amount of email traffic
”If you’ve got a large network that’s getting infected, then your network will slow down
greatly,” he adds. ”Do the people running these anti-spam sites find them destructive?
Absolutely. If a big corporate network is being slowed down, is that destructive? You bet.”
It’s destructive to business.