Virus Family Statistics (over the past 30 days)
Family Statistics information
| Virus Name |
Infected Files |
Scanned Files |
% Infected Computers |
| Exploit-MIME.gen |
47492 |
47966357 |
0.03 |
Virus Characteristics
-- Update March 11, 2004 --
The risk assessment of this threat was lowered to Low-Profiled due to a decrease in prevalence.
-- Update September 20, 2003 --
AVERT has received serveral submissions of emails which are generically detected as Exploit-MIME.gen.c. On examination these files have been found to be emails sent by W32/Swen@MM
, which attempts to use this exploit in some cases. These emails are normally detected as Exploit-MIME.gen.exe. However if the email has passed through an email based Anti-Virus scanner the attachment will have been removed resulting in an email that just contains the exploit code but no attachment, and this is triggering the Exploit-MIME.gen.c detection.
This generic detection covers email message files which exploit the Microsoft Incorrect MIME Header vulnerability. This vulnerability allows attached executable files to be run when a message is simply viewed. Several common viruses make use of this exploit, including W32/Badtrans@MM, W32/Nimda.gen@MM, and W32/Klez.gen@MM.
For more information on this exploit and a patch, visit http://www.microsoft.com/technet/security/bulletin/MS01-020.mspx
As this is a generic detection which may cover many different trojans and viruses, it is not possible to specify any further details or symptoms of this threat.
Variants
Variants information
| Virus Name |
Type |
Subtype |
Differences |
| Exploit-MIME.gen.c application |
Program |
Exploit |
Detection requires scanning for Potentially Unwanted Programs; covers email message that contain a suspicious iFrame (primarily Klez with missing attachments)
|
| Exploit-MIME.gen.b |
Trojan |
Exploit |
Detection requires a gateway scanning product; covers email message that contain a suspicious iFrame
|