Madrid, November 18, 2003 - PandaLabs has detected the appearance of a new
worm called Mimail.J (W32/Mimail.J.worm), which is already causing incidents
among users. This worm steals confidential information from the computers it
infects and sends it out via e-mail.
The J variant of Mimail spreads via e-mail in a message with the subject
'IMPORTANT' and an attached file called w w w.paypal.com.pif. When it is
run, this malicious code shows an image on screen that simulates the home
window of a financial entity. Then, Mimail.J collects the information
entered by the user and sends it out via e-mail.
After infecting a computer, this worm looks for e-mail addresses in all the
files that do not have any of the following extensions: COM, WAV, CAB, PDF,
RAR, ZIP, TIF, PSD, OCX, VXD, MP3, MPG, AVI, DLL, EXE, GIF, JPG and BMP, and
saves them in a file called el388.tmp. Mimail.J then sends itself out to all
the addresses it has found, using its own SMTP engine.
Mimail.J connects to the IP address 212.5.86.163, which belongs to a Russian
e-mail server. This worm uses so-called 'social engineering' techniques to
trick users and spread to as many computers as possible. Like the I variant,
the message carrying Mimail.J refers to the PayPal payment system.
Due to the incidents received involving Mimail.J and the possibility of an
increase in the number of infections caused by this worm, Panda Software
advises users to treat all e-mails received with caution, and to update
their antivirus solutions if they haven't already done so. The company has
already made the updates to its products available to users to ensure their
solutions can detect and eliminate Mimail.J. Those whose software is not
configured to update automatically should update their solutions from
http://www.pandasoftware.com/
Users can also scan their computers using the free, online antivirus, Panda
ActiveScan, which is available on the company's website at
http://www.pandasoftware.com.
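
A mail-gateway check for the attachment naming trick described above (a file whose visible name imitates a web address but ends in an executable extension such as .pif), given as an added example that is not Panda Software's code. The extension lists, function names, addresses and the sample message are assumptions constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Extensions Windows runs directly; .pif is the one named in the advisory (list is an assumption).
EXECUTABLE_EXTS = {"pif", "exe", "scr", "com", "bat", "cmd"}
# TLDs used to decide whether the visible part of the name imitates a hostname (assumed list).
LOOKALIKE_TLDS = {"com", "net", "org"}

def suspicious_attachment(filename):
    """Return a reason string if the name imitates a web address but is executable, else None."""
    # Collapse whitespace so 'w w w.paypal.com.pif' and 'www.paypal.com.pif' are treated alike.
    name = "".join(filename.split()).lower()
    parts = name.split(".")
    if len(parts) < 3 or parts[-1] not in EXECUTABLE_EXTS:
        return None
    if parts[-2] in LOOKALIKE_TLDS:
        shown = ".".join(parts[:-1])
        return f"hostname-like name '{shown}' hides executable extension .{parts[-1]}"
    return None

def scan_message(raw_bytes):
    """Parse a raw e-mail and return (filename, reason) for every flagged attachment."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        filename = part.get_filename()
        reason = suspicious_attachment(filename) if filename else None
        if reason:
            findings.append((filename, reason))
    return findings

def build_sample(attachment_name):
    """Constructed test message; the attachment body is harmless placeholder bytes."""
    msg = EmailMessage()
    msg["Subject"] = "IMPORTANT"
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg.set_content("constructed sample body")
    msg.add_attachment(b"placeholder", maintype="application",
                       subtype="octet-stream", filename=attachment_name)
    return msg.as_bytes()

if __name__ == "__main__":
    for name in ("w w w.paypal.com.pif", "notes.txt"):
        print(name, "->", scan_message(build_sample(name)) or "clean")
```
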
