Child pages
  • CERT Incident Note IN-2003-02: W32/Mimail Virus

Pages in the Historical section of this site are provided for historical purposes, they are no longer maintained. Links may not work.

Skip to end of metadata
Go to start of metadata
The CERT Coordination Center publishes incident notes to provide information about incidents to the Internet community.

W32/Mimail Virus

Release Date: August 2, 2003


On Friday, August 1st 2003 the CERT Coordination Center began to receive an increased number of reports of a new mass mailing virus, now referred to as W32/Mimail, spreading on the Internet.


The W32/Mimail virus is a malicious file attachment containing a specially crafted MHTML file named 'message.html'. This file is delivered inside of a .ZIP archive file named ''. Viewing the 'message.html' file on a vulnerable system will cause the malicious code to be installed and executed. The malicious code is a mass-mailer.

The email message may look like the following:

  • No labels