On the heels of the Mimail.P worm surfacing on Wednesday, security vendor Sophos on Thursday issued an alert for the N variant. Like Mimail.P, W32/Mimail-N is a mass-mailing worm that disguises itself as a legitimate form from PayPal requesting credit card information. If a network connection is detected on execution, two forms are displayed asking for credit card and personal information. Once this information is filled in, it is sent to a remote web site. If a network connection is not detected, the start page of Internet Explorer is changed to a web site with a satirical picture. The worm copies itself to ee98af.tmp and winmgr32.exe in the Windows folder and sets the following registry entry so that the latter is run on system startup: