Name: I-Worm.Mimail. Category: Viruses Description: Details I-Worm.Mimail.g This is a variant of I.Worm.Mimail.e. It is approximately 10Kb in size, and compressed using UPX. The uncompressed file is approximately 22Kb in size. How Mimail.e differs from earlier versions The worm copies itself to the Windows directory under the name 'sysload32.exe' and registers this file in the system registry auto-run key: [HKLMSoftwareMicrosoftWindowsCurrentVersionRun] "SystemLoad32" = "%windirsysload32.exe" Infected mails contain the following: Sender's address: john@recipient domain Message header: don't be late! Message body: Will meet tonight as we agreed, because on Wednesday I don't think I'll make it, so don't be late. And yes, by the way here is the file you asked for. It's all written there. See you. Attachment: readnow.zip The attached file contains the worm under the name 'readnow.doc.scr' This version of the worm does not contain the function which enables it to steal E-Gold users' information. The worm carries out a DoS attack on the site mysupersales.com in the same way that I-Worm Mimail.c does.