Virus

Destructive MiMail variant hits web

Promise of sexy photos will only give users a headache

Written by Robert Jaques

Antivirus firms have warned of a 'destructive' worm that has just emerged in the wild.

W32/Mimail.c@MM, also known as Mimail.c, is a dangerous worm that bears similarities to W32/Mimail@MM.

But according to McAfee's Anti-Virus Emergency Response Team (Avert), this variant does not use the codebase (MS02-015) and MHTML (MS03-014) exploits against Microsoft Windows operating systems that previous variants employed.

Instead, Mimail.c contains its own SMTP engine for constructing messages, and mails itself as a zip or upx attachment.

The symptoms of the virus are relatively easy to spot: infected users may notice excessive activity from their machine, or a possible lag in usage. This can occur from the mass-mailing component or from the secondary actions of the virus as it sends data to a remote site.

After being executed, Mimail.c emails itself out as an attachment with the filename 'Photos.zip'. Target email addresses are harvested from the victim's machine and are written to the file eml.tmp in WinDir.

Testing shows that the worm is overly lax in identifying valid email addresses. As a result, messages are likely to be sent to invalid recipients.

Users should immediately delete any email containing the following:

Subject:
Re[2]: our private photos [plus additional spaces then random characters].

Attachment:
'photos.zip' (12,958 bytes) which contains 'photos.jpg.exe' (12,832 bytes).

Message Body:
Hello Dear!,
Finally, i've found possibility to right u, my lovely girl :)
All our photos which i've made at the beach (even when u're withou ur bh:))
photos are great! This evening i'll come and we'll make the best SEX :)
Right now enjoy the photos.
Kiss, James.

McAfee warned that, in a bid to make the virus emails less conspicuous, the 'From' address of infected outgoing messages may be spoofed with james@(target domain.com) - for example, james@abc.com.
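The indicators listed above (subject prefix, attachment name, and the double-extension executable inside the archive) can be checked mechanically at a mail gateway. The following Python is an added example, not code from McAfee or the article; the function names, the regular expressions and the constructed sample message are assumptions of this example.

```python
import io
import re
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Indicators come from the article; the regexes are this example's own choice.
SUBJECT_RE = re.compile(r"^Re\[2\]: our private photos\b", re.IGNORECASE)
DOUBLE_EXT_RE = re.compile(r"\.(jpg|jpeg|gif|png|txt|doc)\.(exe|scr|pif|com)$", re.IGNORECASE)


def mimail_c_indicators(raw: bytes) -> list[str]:
    """Return the Mimail.c indicators found in one raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    if SUBJECT_RE.search(msg.get("Subject", "")):
        hits.append("subject")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name != "photos.zip":
            continue
        hits.append("attachment-name")
        try:
            with zipfile.ZipFile(io.BytesIO(part.get_payload(decode=True))) as zf:
                members = zf.namelist()
        except zipfile.BadZipFile:
            continue  # named like the lure but not a readable archive
        if any(DOUBLE_EXT_RE.search(m) for m in members):
            hits.append("double-extension-executable")
    return hits


def build_sample(subject: str, member: str) -> bytes:
    """Constructed test message: photos.zip holding one harmless placeholder member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, b"placeholder, not malware")
    msg = EmailMessage()
    msg["From"] = "james@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = subject
    msg.set_content("constructed sample body")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="photos.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    lure = build_sample("Re[2]: our private photos      qzxkv", "photos.jpg.exe")
    print(mimail_c_indicators(lure))
```

The spoofed 'From' address is deliberately not used as an indicator, since its domain changes with every target.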

Immediate information and cures for this virus are offered online by a number of antivirus firms, including Network Associates' Avert service.
