Virus poses as admin e-mail The worm spoofs the domain name of businesses People are being warned to be on the lookout for a Windows e-mail virus which pretends to be a message from computer support staff. The worm, dubbed Mimail, first struck on Friday in the US but it has enjoyed a resurgence with people returning to work after the weekend.
Anti-virus firm Sophos said it had noticed a big increase in infections, suggesting that employees had gone to work and opened the e-mail worm, causing it to spread to all their contacts. "The Mimail worm is getting a second lease of life as UK businesses log on to start a new working week," said Graham Cluley, Sophos senior technology consultant. "While US firms have been patching their systems against this threat, their UK counterparts have been enjoying a sunny weekend, blissfully unaware that a virus is sitting on their e-mail system just waiting to be unleashed." Rogue mail The Mimail worm arrives in an e-mail claiming to be from the company's computer support department. Users need to think carefully before they launch any attachment, even if it does appear to come from a bona fide e-mail address Graham Cluley, Sophos In order to trick people into opening the message, it spoofs the domain name of the business's e-mail address, so a mail to a BBC address would look like [EMAIL PROTECTED] The message says that your e-mail account will soon expire and urges you to read the attached information. The attachment, called message.zip, contains an html file which is a copy of the worm. When opened, it searches the computer's hard drive for e-mail addresses for its next round of victims. The worm takes advantage of a vulnerability in Microsoft's Internet Explorer and could potentially clog mail servers or slow down networks. "Mimail's author has gone to great lengths to disguise his code as a legitimate e-mail," said Mr Cluley. "However Mimail's text does leave a vital clue that it is a rogue e-mail - business e-mail accounts don't expire. "Users need to think carefully before they launch any attachment, even if it does appear to come from a bona fide e-mail address." Virus writers are always on the lookout for ways to trip up unsuspecting computer users. In the past they have disguised worms as a messages from Microsoft support and used celebrities such as Avril Lavigne and Anna Kournikova. \\\\\\\"Always be a first rate version of yourself instead of a second rate version of someone else.\\\\\\\\\\\\\" Njoki Paul University of Pretoria