Antivirus firm Sophos today issued a warning to all UK businesses to be on the lookout for an email worm masquerading as a message from network support.
The worm, Mimail, modifies itself to display the administration address of the user's network, tricking the recipient into opening it. An email to a member of PC Advisor would read firstname.lastname@example.org, for instance.
The message suggests the recipient's email account will soon expire — something which doesn't usually happen on business accounts — and urges the recipient to read the attached 'message.zip' file. The HTML attachment contains the worm and as soon as it's opened it copies all of the user's contacts from their address book and passes the worm on to them.
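The three traits described above (an administration-style sender on the recipient's own domain, account-expiry wording, and a 'message.zip' attachment holding an HTML file) can be checked at a mail gateway. The following is an added example, not code from Sophos or the original article; the `ADMIN_NAMES` list, the indicator labels and the sample message are constructed assumptions.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Assumed local parts for an "administration address"; the article names none.
ADMIN_NAMES = {"admin", "administrator", "postmaster", "support"}

def lure_indicators(raw: bytes) -> list[str]:
    """Return the lure traits from the article that this message matches."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    sender = parseaddr(str(msg.get("From", "")))[1].lower()
    rcpt = parseaddr(str(msg.get("To", "")))[1].lower()
    s_local, _, s_dom = sender.partition("@")
    # Sender claims to be an admin mailbox on the recipient's own domain.
    if s_dom and s_dom == rcpt.partition("@")[2] and s_local in ADMIN_NAMES:
        hits.append("admin-address-on-recipient-domain")
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body else ""
    if "expire" in (str(msg.get("Subject", "")) + " " + text).lower():
        hits.append("account-expiry-wording")
    for part in msg.iter_attachments():
        if (part.get_filename() or "").lower() != "message.zip":
            continue
        hits.append("attachment-message.zip")
        try:  # list archive members only; nothing is extracted or opened
            with zipfile.ZipFile(io.BytesIO(part.get_content())) as zf:
                if any(n.lower().endswith((".htm", ".html")) for n in zf.namelist()):
                    hits.append("html-inside-zip")
        except zipfile.BadZipFile:
            hits.append("unreadable-zip")
    return hits

def build_sample(sender: str, attach_name: str) -> bytes:
    """Constructed test message with a harmless placeholder HTML file in a zip."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("message.html", "<html><body>constructed placeholder</body></html>")
    m = EmailMessage()
    m["From"], m["To"] = sender, "firstname.lastname@example.org"
    m["Subject"] = "your account"
    m.set_content("Your e-mail account will expire soon. Read the attached file.")
    m.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename=attach_name)
    return m.as_bytes()

if __name__ == "__main__":
    print(lure_indicators(build_sample("admin@example.org", "message.zip")))
```

A single indicator, such as the expiry wording alone, is weak evidence; quarantine decisions are better keyed to several traits matching together.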
Mimail was first reported in the US on Friday, where most office networks are now successfully protected, but Sophos has been bombarded with calls today from UK office workers.
"The Mimail worm is getting a second lease of life as UK businesses log on to start a new working week," said Graham Cluley, senior technology consultant at Sophos.
"While US firms have been patching their systems against this threat, their UK counterparts have been enjoying a sunny weekend, blissfully unaware that a virus is sitting on their email system just waiting to be unleashed. Businesses need to seriously consider switching to automatic antivirus updates."
The worm works by using an old vulnerability in the Microsoft operating system, a patch for which has been available to download for the past few months. Once the patch is applied, users are protected against this and other worms which use the same hole.