Beware! This is a worm. And a clever one at that... http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MIMAIL.A
There is an HTML file within that zip file. If you open that HTML file in an IE browser that hasn't been fully patched you will be infected. The worm installs a videodrv.exe file in %systemroot% and puts a link to it in the startup group and in the registry. That executable proceeds to send itself out... Does declude AV actually scan files inside zip archives? Nate ----- Original Message ----- From: "Rick Hogue" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, August 01, 2003 1:58 PM Subject: [IMail Forum] Topic: admin email with file attachment that is a zip file > I have had several clients contact me today with them receiving an email > from [EMAIL PROTECTED] stating that their email account was about to > expire. > The exact message follows > > Hello there, > > I would like to inform you about important information regarding your email > address. This email address will be expiring. Please read attachment for > details. > > --- > Best regards, Administrator > Becbozoo > > It has an attachment of message.zip that is 17k. > > We set up admin accounts for all of our users. Has anyone else had this > problem and if so how did you deal with it? > > Rick Hogue > www.intent.net Web Hosting 1-800-866-2983 > www.prosperity.com Featured web site > > > --- > [This E-mail scanned for viruses by Declude Virus] > > > To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html > List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ > Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ > To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
