The Mimail.c worm, a variant of an earlier pest that achieved modest distribution by posing as a message from a company's information technology staff, was first detected late Thursday and managed to infect a handful of PCs.
Craig Schmugar, a virus research engineer at security company McAfee's Antivirus Emergency Response Team, said the worm's spread already appeared to be ebbing by midday. "At this point, it looks like we're probably past the worst of it," he said.
According to McAfee's description, Mimail.c spreads by e-mail, appearing in mailboxes as a message with the subject "our private photos." The body of the message promises revealing photos, if the recipient opens up an attached file saved in the Zip compression format. If the file is opened, the worm attempts to spread itself by sending messages to e-mail addresses culled from the infected PC.
The worm also attempts to launch a denial-of-service attack by sending large volumes of "garbage data" to Web addresses associated with DarkProfits, a gaming enthusiast site that has been the subject of a persistent e-mail hoax.
Schmugar said one of the more unusual aspects of the worm--which McAfee classified as a "moderate" threat--was its use of a Zip file, which could prove to have longer legs than the .exe files most worms try to spread.
"A lot of enterprises have rules to block executable attachments, so using the Zip format could let them penetrate into the corporate environment a little further," he said. "That's why you still need good antivirus protection on the desktop."
Mimail.c also spoofs the address the message is generated from, with all messages appearing to come from "James" at the same domain as the recipient.
