echo: virus_info
to: ALL
from: KURT WISMER
date: 2003-08-08 20:40:00
subject: News

[cut-n-paste from sophos.com]

Troj/SView-A

Aliases
Worm.Win32.Randex.d, W32/Slanper.worm.gen, Win32/Slanper.B, 
Backdoor.Roxy, BKDR_SONE.A

Type
Trojan

Detection
At the time of writing Sophos has received just one report of this 
Trojan from the wild.

Description
Troj/SView-A is a backdoor Trojan which allows unauthorised remote 
access to the computer over a network.

The Trojan adds an entry to the registry at
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
to run itself on system restart.





W32/Lovgate-L

Type
Win32 worm

Detection
Sophos has received several reports of this worm from the wild.

Description
W32/Lovgate-L is functionally similar to W32/Lovgate-J except that this 
variant copies itself to the Windows system folder as WINEXE.EXE and 
changes the following registry entry so that WINEXE.EXE is run before 
an EXE file:

HKCR\exefile\shell\open\command

Please refer to W32/Lovgate-J for more information.





W32/Mimail-A

Aliases
W32.Mimail.A@mm, WORM_MIMAIL_A

Type
Win32 worm

Detection
Sophos has received many reports of this worm from the wild.

Description
W32/Mimail-A is a worm that arrives with the following characteristics:

Subject line: your account 
Message text:
Hello there, I would like to inform you about important information
regarding your email address. This email address will be expiring.
Please read attachment for details.
---
Best regards, Administrator
Attached file: message.zip

W32/Mimail-A spoofs the From field of the sent emails using the email 
address admin{at}.

Inside the message.zip compressed file is another file called 
message.html. If this file is opened, the worm will copy itself to

C:\\exe.tmp
and
C:\\videodrv.exe

The worm exploits a known security vulnerability. A patch has been 
available from Microsoft for some months which reportedly fixes the 
vulnerability.

W32/Mimail-A adds the following entry to the registry to run itself on 
system restart:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\VideoDriver
=C:\\videodrv.exe

The worm looks for email addresses in files on the local drive. It 
attempts to exclude the following extensions from its search:

    * AVI
    * BMP
    * CAB
    * COM
    * DLL
    * EXE
    * GIF
    * JPG
    * MP3
    * MPG
    * OCX
    * PDF
    * PSD
    * RAR
    * TIF
    * VXD
    * WAV
    * ZIP

It places the email addresses it finds in the file 
C:\\eml.tmp





Troj/Autoroot-A

Aliases
Exploit.Win32.Autorooter

Type
Trojan

Detection
At the time of writing Sophos has received no reports from users 
affected by this Trojan. However, we have issued this advisory 
following enquiries to our support department from customers.

Description
Troj/Autoroot-A attempts to exploit a security vulnerability in 
Microsoft's DCOM RPC interface to invoke the backdoor Trojan 
Troj/IRCBot-G and thus allow unauthorised remote access to the 
compromised computer.

Microsoft has issued a patch for the vulnerability exploited by this 
Trojan. The patch is available from 
http://www.microsoft.com/technet/security/bulletin/MS03-026.asp.






 
--- MultiMail/Win32 v0.43
* Origin: Try Our Web Based QWK: DOCSPLACE.ORG (1:123/140)
SEEN-BY: 633/267 270
@PATH: 123/140 500 106/2000 633/267

SOURCE: echomail via fidonet.ozzmosis.com
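
The registry changes described in the advisories above (the Run entries and the altered exefile open command) can be checked offline against a registry export. This is an added example, not part of the original post or of the Sophos text; the sample export and its C:\SAMPLE directories are constructed, and "%1" %* is the stock Windows value for the exefile open command.

```python
import re
from ntpath import basename

EXEFILE_KEY = r"HKEY_CLASSES_ROOT\exefile\shell\open\command"
RUN_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
EXEFILE_DEFAULT = '"%1" %*'                   # stock Windows handler for .exe
KNOWN_NAMES = {"videodrv.exe", "winexe.exe"}  # file names given in the advisories

# Constructed sample in regedit export format (directories are made up).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="C:\\SAMPLE\\WINEXE.EXE \"%1\" %*"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VideoDriver"="C:\\SAMPLE\\videodrv.exe"
"Updater"="\"C:\\Program Files\\Vendor\\update.exe\" /quiet"
'''

VALUE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"\s*$')

def unescape(s):
    return re.sub(r'\\(.)', r'\1', s)   # .reg strings escape \ and " with a backslash

def parse_reg(text):
    """Return {KEY_UPPERCASED: {value_name: string_data}}; '' is the default value."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].upper(), {})
        elif current is not None and (m := VALUE.match(line)):
            name = "" if m.group(1) == "@" else unescape(m.group(1)[1:-1])
            current[name] = unescape(m.group(2))
    return keys

def audit(text):
    """List (kind, detail) findings for the two persistence points in the advisories."""
    keys, findings = parse_reg(text), []
    handler = keys.get(EXEFILE_KEY.upper(), {}).get("")
    if handler is not None and handler != EXEFILE_DEFAULT:
        findings.append(("exefile-hijack", handler))
    for name, data in keys.get(RUN_KEY.upper(), {}).items():
        # First token of the command line, with surrounding quotes removed.
        exe = re.match(r'"([^"]+)"|(\S+)', data)
        path = (exe.group(1) or exe.group(2)) if exe else ""
        if basename(path).lower() in KNOWN_NAMES:
            findings.append(("run-key", f"{name}={data}"))
    return findings
```

Exports written by regedit are UTF-16, so decode the file before passing its text to audit().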
