News

Mimail Damage Mounts

The Mimail virus is making its way up the ranks of the most damaging viruses and worms to date, according to a security firm that keeps track of malware.

Mimail is currently the fifth most damaging malware in a malware damage database maintained by the U.K.-based mi2g Intelligence Unit. Worldwide economic damage from Mimail is estimated at $8.85 billion worth of productivity losses and business interruption, according to mi2g, a digital risk assessment firm.

Mimail now trails only Sobig, Klez, Yaha and Swen in the rankings of the most damaging viruses and worms, according to mi2g. Mimail, which affects only Windows users, has seen a huge surge in damage from the last two of its 10 variants. Mimail.J and Mimail.I both appeared in the last week.

MessageLabs, an e-mail security services company, put out a high-level warning this week alerting customers to the dangers of the Mimail.J variant. "[The] extent of Mimail.J overtakes other variants of the worm," MessageLabs wrote in its alert.

The worm arrives as an attachment with a forged sender address, in many cases appearing to have come from PayPal, the payment service for the popular Ebay auction site.

The executable attachment launches a program that instructs users to update their PayPal account with a credit card number, social security number and mother's maiden name. According to mi2g, the Mimail method is more sophisticated than similar previous efforts, which sent victims to a Web page to fill in their information. In those cases, victimized companies could pressure ISPs to shut down the Web site.

"Five years ago hackers and virus writers carried out most of the attacks to demonstrate intellectual prowess. The metamorphosis in motives has definitely been towards financial fraud and extortion activity," DK Matai, mi2g executive chairman, said in a statement.

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.

Featured

  • Microsoft Offers Support Extensions for Exchange 2016 and 2019

    Microsoft has introduced a paid Extended Security Update (ESU) program for on-premises Exchange Server 2016 and 2019, offering a crucial safety cushion as both versions near their Oct. 14, 2025 end-of-support date.

  • An image of planes flying around a globe

    2025 Microsoft Conference Calendar: For Partners, IT Pros and Developers

    Here's your guide to all the IT training sessions, partner meet-ups and annual Microsoft conferences you won't want to miss.

  • Notebook

    Microsoft Centers AI, Security and Partner Dogfooding at MCAPS

    Microsoft's second annual MCAPS for Partners event took place Tuesday, delivering a volley of updates and directives for its partners for fiscal 2026.

  • Microsoft Layoffs: AI Is the Obvious Elephant in the Room

    As Microsoft doubles down on an $80 billion bet on AI this fiscal year, its workforce reductions are drawing scrutiny over whether AI's ascent is quietly reshaping its human capital strategy, even as official messaging avoids drawing a direct line.