You're in: Panda Security > Home Users > security-info > about-malware > encyclopedia > overview
Active Scan. Scan your PC free
Panda Security Product Line 2012

Virus Encyclopedia

Welcome to the Virus Encyclopedia of Panda Security.

Encyclopedia GetVirusCard True 0

Mimbot.A

 
Threat LevelLow threatDamageHighDistributionNot widespread

Effects 

The main objective of Mimbot.A is to spread via MSN Messenger and affect as many computers as possible.

Additionally, it attempts to connect to the website secure.b<blocked>ell.info, in order to download files which can be of any nature, including malware.

Infection strategy 

Mimbot.A creates the following files:

  • PICTUREALBUM2007.ZIP, in the Windows directory. This file is a compressed copy of itself.
  • X15XZ551561ZX4.DLL, in the Windows system directory. This file contains the messages used in order to spread.

 

Mimbot.A creates an entry in the Windows Registry with a random CLSID in order to be run whenever Windows is started.

Means of transmission 

Mimbot.A spreads via the instant messaging program MSN Messenger. In order to do so, it follows the routine below:

  • The user receives one of the following instant messages and a compressed file:
    - In English
    Took some naked pictures off me :o wanna see :P ?
    check it out, i shaved my head :|
    Hey, see, i found this on facebook
    heey, is that you? lool :p
    Hi, we shaved my friends dog :o see
    Hey, check this out. Party pictures :p

    - In Spanish
    usted piensa de este cuadro?
    Consegu
    a nuevo cuadro de m
    la toma una mirada
    algunos cuadros de la semana pasada, consideran si usted tiene gusto en ellos.
    tiene usted visto este picure todav
    Haha, es que usted?
    Debo utilizar este cuadro en msn?
    usted piensa en esto?

    - In French
    que pensez-vous
    ce picure ? je me sens que je semble laid :/
    Voici un nouveau pic de moi
    Quelques images de la semaine derni
    re, voient si vous les aimez
    Avez-vous vu ce picure encore ?
    Haha, est-vous ce sur cette image ?
    Si j'emploient cette image sur le msn ?
    Que pensez-vous
    mon image ?
    hahahahha

    - In German
    Was denken Sie an diese?
    was denken Sie an dieses picure? ich glaube, da
    ich h
    lich schaue :/
    sind hier eine neue Abbildung von mir
    einige Abbildungen von der letzten Woche, sehen, wenn Sie sie m
    Haha, diese sind Sie auf dieser Abbildung?
    sollte ich diese Abbildung auf msn benutzen?
    Was denken Sie an dieses?

    - In Dutch
    Wat denkt u aan dit picure? ik vind ik lelijk kijk
    Een paar beelden van vorige week, zien of houdt u hier van em nieuwe pic van me. :)
    Hebt u dit picure nog gezien?:p
    Hebt u dit picure nog gezien? :p
    Haha, bent u dat op dat beeld? :)
    Zou ik dit beeld op msn moeten gebruiken?
    Wat denkt u over dit?
  • The ZIP file, which is called PICTUREALBUM2007, contains an executable file that if it is run, a copy of the worm will be downloaded to the computer.
  • Mimbot.A sends this message to all the contacts that are active at that moment.

Further Details  

Mimbot.A is 159,232 bytes in size and it is compressed with NTKrnl.