Aliases: WORM_MIMEE.A, Win32.Mimee.A, Win32.Mimee, I-Worm/Alcaul, Win32/Alcaul.X
Variants: Worm.Win32.Alcaul, W32/Alcop.gen, Win32.HLLM.Alcopaul.20480, W32/Alcaul-P, Win32/Alcaul

Classification: Malware
Category: Computer Virus

Status: Dormant
Spreading: Slow
Geographical info: North and South America, Asia, Europe
Removal: Easy
Platform: W32
Discovered: 08 Mar 2002
Damage: Low

Characteristics: This malware has been designed by its malicious author using the Visual Basic programming language. It was equipped with the functionality of scanning the compromised computer system for the presence of EML format files which are associated with the default email client of the operating system. Once found the W32.Miem will insert its codes into the files. The slow distribution level of this Worm is attributed to bugs in its codes.

More details about W32.Miem

EML format files are generally email files that are produced when the computer user makes use of the Microsoft Outlook application. This means that a computer system which does not have these file traces will not be negatively affected by the W32.Miem malware. When this virus first executes into the infected computer system it will create an executable file with the filename referencing the Multipurpose Internet Mail Extensions service of the operating system. This trigger file of the W32.Miem can be distinguished from legitimate service files by its location which is at the root directory of the main hard drive. When the W32.Miem succeeds to insert a copy of codes into the EML file the file attachment is automatically appended to the message.

The infected email message file that has the virus code will have a seemingly harmless read me file attachment. The W32.Miem makes use of the EXE file extension for the attachment which is an indication that it is far from being harmless. In some computer systems however where commonly used file extensions are hidden, this dangerous file attachment may escape scrutiny. The W32.Miem is designed to activate once the recipient accesses the spiked email message. However, due to programming flaws in the W32.Miem malware, its codes are not properly displayed and may prevent it from spreading.