Mimail.j emails your data to who?

  • Thread starter: 1peanutwhistle

1peanutwhistle

* * * Cross posted to: alt.comp.anti-virus, alt.comp.virus * * *

Please assist. Has anyone trapped, disassembled or otherwise reverse
engineered Mimail.j and discovered what the four email addresses are
that your sensitive data is emailed to if you were unfortunate enough
to fall for this virus?

Reading other posts, I saw that these 4 addresses were in the process
of being blocked, if they haven't been blocked by now.

I believe we have a right to know where our victim's information was
sent. I realize that the destination addresses may be those who
played no active part in all this other than to have a place for the
real bad folks to gather their plunder.

To wit, I do not wish any ill will upon those who may have
involuntarily contributed their email addresses.

TIA
 
> * * * Cross posted to: alt.comp.anti-virus, alt.comp.virus * * *
>
> Please assist. Has anyone trapped, disassembled or otherwise reverse
> engineered Mimail.j and discovered what the four email addresses are
> that your sensitive data is emailed to if you were unfortunate enough
> to fall for this virus?
>
> Reading other posts, I saw that these 4 addresses were in the process
> of being blocked, if they haven't been blocked by now.
[snipulated]

NAI lists 3 in their description.

Source of info: http://vil.nai.com/vil/content/v_100825.htm
(W32/Mimail.j@MM)

Excerpt from URL:

Victims of the PayPal scam will have their credit card information
collated into C:\PPINFO.SYS. The worm then attempts to send this data
to three email addresses.

* (e-mail address removed)
* (e-mail address removed)
* (e-mail address removed)

Thus, outgoing DNS queries to these servers will be issued from the
victim machine.
 