HiWAAY: Information/Internet Services

HiWAAY's FAQs

An FAQ is a Frequently Asked Question. We have listed here the question paired with the appropriate answer. If you don't find the answer to your question, please visit our customer support page or email support@HiWAAY.net.


There are currently 249 FAQs in the database.


XYZ - The Retired FAQ Archive

Old FAQs - We've kept these older FAQs in the archive just in case someone needs the information. These archived FAQs are no longer maintained and will certainly be out-of-date and contain errors.

Question: How do I protect my computer from the new Mimail worms? (W32.Mimail.C@mm, Mimail.D, Mimail.E, Mimail.F, Mimail.G and Mimail.H)

Answer:

The Mimail worm has reappeared in several new variations. They are W32.Mimail.C@mm, W32.Mimail.D@mm, W32.Mimail.E@mm (also known as W32.Mimail.F@mm and W32.Mimail.G@mm) and W32.Mimail.H@mm. All are very similar and spread through email. The infected emails are usually the same and include an attached .zip file. The attached file is the worm. Opening the file will infect your computer.

Mimail scans the infected system for email addresses in all readable files and then spreads by sending email through its own built-in mail server to each of the addresses it found.

Mimail is consistent in the email it spews. (It's so consistent that HiWAAY's spam blocking services are trapping most of these coming into protected accounts.)

In all cases, the subject lines will either read:
Re[2]: our private photos [random letters]
or
don't be late! [random letters]

The domains used in the From and Reply-To addresses will usually be the same as the domain of the address the infected email was sent to. For example: a Mimail-infected message sent to janedoe@some.domain.com will appear to have been sent from james@some.domain.com (for Mimail.C) or john@some.domain.com (for Mimail.D, E, F, G and H).

The attachments will either be named photos.zip or readnow.zip.
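
The traits listed above (subject line, forged sender at the recipient's own domain, attachment name) can be checked mechanically. The following is an added example, not HiWAAY's filter or any vendor's code: the function names, the "attachment plus one other trait" threshold and the sample messages are assumptions constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Indicators taken from the FAQ text; subjects end in random letters,
# so they are matched as prefixes.
SUBJECT_PREFIXES = ("re[2]: our private photos", "don't be late!")
ATTACHMENT_NAMES = {"photos.zip", "readnow.zip"}
SENDER_LOCAL_PARTS = {"james", "john"}

def mimail_indicators(raw: bytes, recipient: str) -> list:
    """Return the Mimail traits found in one raw message delivered to recipient."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    subject = str(msg.get("Subject", "")).strip().lower()
    if subject.startswith(SUBJECT_PREFIXES):
        hits.append("subject")
    names = {(part.get_filename() or "").lower() for part in msg.iter_attachments()}
    if names & ATTACHMENT_NAMES:
        hits.append("attachment")
    # Forged sender: james@ or john@ at the recipient's own domain.
    address = parseaddr(str(msg.get("From", "")))[1].lower()
    local, _, domain = address.rpartition("@")
    if local in SENDER_LOCAL_PARTS and domain == recipient.lower().rpartition("@")[2]:
        hits.append("sender")
    return hits

def is_probable_mimail(raw: bytes, recipient: str) -> bool:
    # Assumed threshold: the .zip carries the worm, so require it plus one
    # other trait. A real colleague named John must not trip the check alone.
    hits = mimail_indicators(raw, recipient)
    return "attachment" in hits and len(hits) >= 2

def build_sample(sender: str, subject: str, filename: str = "") -> bytes:
    """Construct a test message (constructed data, not a captured worm email)."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, "janedoe@some.domain.com", subject
    m.set_content("constructed body")
    if filename:  # empty zip archive: end-of-central-directory record only
        m.add_attachment(b"PK\x05\x06" + b"\x00" * 18, maintype="application",
                         subtype="zip", filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    rcpt = "janedoe@some.domain.com"
    for raw in (build_sample("james@some.domain.com", "Re[2]: our private photos xkqzw", "photos.zip"),
                build_sample("john@some.domain.com", "Lunch on Friday?")):
        print(mimail_indicators(raw, rcpt), is_probable_mimail(raw, rcpt))
```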

Sarc and Sophos have discovered that Mimail uses infected computers to conduct DDoS (Distributed Denial of Service) attacks against a number of domains including:
spews.org
www.spews.org
spamhaus.org
www.spamhaus.org
spamcop.net
www.spamcop.net
fethard.biz
www.fethard.biz
fethard-finance.com
www.fethard-finance.com
mysupersales.com
www.mysupersales.com

Sample Emails:

The Mimail C variant email looks like this:
From: james@some.domain.com
To: Name
Reply-To: james@some.domain.com
Subject: Re[2]: our private photos [random letters]

Hello Dear!,

Finally i've found possibility to right u, my lovely girl :)
All our photos which i've made at the beach (even when u're without ur bh:))
photos are great! This evening i'll come and we'll make the best SEX :)


Right now enjoy the photos. Kiss, James. [random letters]

The Mimail.D, E, F, G and H variant email looks like this:
From: john@some.domain.com
To: Support
Reply-To: james@some.domain.com
Subject: don't be late! [random letters]


Will meet tonight as we agreed, because on Wednesday I don't think I'll make it,

so don't be late. And yes, by the way here is the file you asked for.
It's all written there. See you.

[random letters]


More detailed information can be found at:

Prevention:
Protection of Windows-based systems is easy. (Non-Windows-based computers are not affected.)
  1. Make certain your anti-virus software is up to date.
  2. Run a personal firewall like ZoneAlarm.
  3. If you are using Microsoft Internet Explorer/Outlook Express, go to Windows Update, then upgrade to the latest version.
  4. Of course, it always bears repeating, don't open attachments!

Removal:
Once Mimail infects a computer, it makes changes to the Windows registry, making it difficult to manually remove the worm. Fortunately, Symantec has released an automated removal tool to simplify the task of cleaning an infected computer. The tool can clean off all the new variants as well as the original W32.Mimail.A@mm.

If your computer is infected with Mimail you should immediately download and run the Symantec Mimail removal tool from:

http://sarc.com/avcenter/venc/data/w32.mimail.removal.tool.html

You should also install up-to-date antivirus software and use it to scan your system.

Anti-Virus Software Update Sites:
We've included links below to some of the more popular anti-virus program update sites. New definitions are released constantly. Please check with your antivirus vendor for the latest files.

HiWAAY does not warrant that any of the tools and patches listed above will protect or repair an infected computer, nor can we offer support on the complex task of manually removing worms and verifying system integrity.

