I got it as well. I think your assumptions are correct. It appears that someone who has access to send to the current-students list was infected. I was curious and extracted and scanned the file. Below is some info I dug up after scanning it. How fitting that it's been modified to attack www.sco.com. I had a good laugh when I read that. The'll be having fun on February 1st.
Dave Madsen A new variant of the MIMAIL worm has been found in the wild. As of January 26, 2004 1:47 PM (US Pacific Time), TrendLabs has declared a yellow alert to control the spread of WORM_MIMAIL.R. This mass-mailing worm selects from a list of email subjects, message bodies, and attachment file names. It can also propagate using the Kazaa peer-to-peer file sharing network. It performs a denial of service (DoS) attack against the software business site www.sco.com. It attacks the site if the system date is February 1, 2004 or later. It ceases attacking the site and running most of its routines on February 12, 2004. This worm runs a backdoor component, which it drops as the file SHIMGAPI.DLL. It opens port 3127 to allow remote users to access and manipulate infected systems. It runs on Windows 98, ME, NT, 2000 and XP. Please refer to the Technical Details section for more information on this malware. Note that TrendLabs is currently working to provide a more in-depth analysis of this malware. > > Did anyone else get an e-mail, subject "Hello", with an attached zip > file named body.zip with a body.pif inside it? > > No doubt it's a virus. > > The e-mail was addressed to [EMAIL PROTECTED] > > Does that mean the entire student body just got a virus from the > University? > ____________________ BYU Unix Users Group http://uug.byu.edu/ ___________________________________________________________________ List Info: http://uug.byu.edu/cgi-bin/mailman/listinfo/uug-list
