Mike Healen from Spyware Info writes:
There is a widespread outbreak of the WORM_MIMAIL.R e-mail worm.
This worm is spoofing the sender's e-mail address. If you receive one of these e-mails, the person in the FROM: address is NOT the person who sent it to you.
If you are running an e-mail server with anti-virus software that bounces virus infected e-mails, FOR GOD'S SAKE STOP BOUNCING THEM! You are participating in a denial of service attack by bouncing viruses at people who are not infected. You could even infect them yourself! STOP BOUNCING THEM!
If you receive an e-mail like the one described below, DON'T OPEN IT! Delete it immediately, update your anti-virus program and scan. If you don't have an anti-virus, get one.
Nod32 $39.00 (The best AV available [according to SWI])
AVG Free (Good enough for the price)
Description From Trendmicro:
A new variant of the MIMAIL worm has been found in the wild. As of January 26, 2004 1:47 PM (US Pacific Time), TrendLabs has declared a yellow alert to control the spread of WORM_MIMAIL.R.
Also known as W32/Mydoom@MM, Mydoom, Win32.Mydoom.A, W32.Novarg.A@mm
This mass-mailing worm selects from a list of e-mail subjects, message bodies, and attachment file names. It can also propagate using the Kazaa peer-to-peer file sharing network.
It performs a denial of service (DoS) attack against the software business site
www.sco.com. It attacks the site if the system date is February 1, 2004 or later. It ceases attacking the site and running most of its routines on February 12, 2004.
It runs on Windows 98, ME, NT, 2000 and XP.
It sends e-mail with the following details:
Subject: (any of the following)
Error
Status
Server Report
Mail Transaction Failed
Mail Delivery System
hello
hi
Message Body: (any of the following)
The message contains Unicode characters and has been sent as a binary attachment.
The message cannot be represented in 7-bit ASCII encoding and has been sent as a binary attachment.
Mail transaction failed. Partial message is available.
test
Attachment: <Random name>.zip
Post this on every message board you can find. Get the word out. If you have a friend or family member who does not understand how to operate an anti-virus, please check that they are updated and protected. If you know someone running anti-virus on an e-mail server, please tell them to turn off the bounce feature.
Text taken from lockergnome.