By Andy McCue, 14 November 2003 11:00
Users are being warned about a new variant of the Mimail worm on the loose that takes victims to a fake PayPal web page in an attempt to steal credit card details.
The variant, W32/Mimail-I, hits inboxes with the subject line "Your Paypal.com account expires" and tells the user they need to update their credit card details because of a new security policy being implemented.
But in a twist on the spate of 'phishing' scams in recent weeks, the email tells the victim not to send personal information via email, saying that email is insecure, and asks them to run an attached program instead.
When run, the attached file, 'www.paypal.com.scr', brings up a pop-up box with a PayPal logo that requests the user's credit card details, including card number, PIN number and expiry date.
Not only are gullible or unsuspecting users fleeced of their credit card details, but Mimail-I also sends itself to every email address it finds on the victim's hard disk in order to spread.
David Emm, AVERT marketing manager at McAfee, said the worm is currently rated as low-risk but added that the PayPal element is a new twist.
"We have increasingly seen over the last two years things that drop back door trojans onto systems to gather information but this is the first time we have seen it wrapped up with the whole PayPal scam," he said.
Anti-virus firm Sophos reaffirmed its advice to users not to click on web links or attachments sent in emails that claim to come from banks or financial companies, to block all Windows programs such as exe, dll, scr, bat and pif files at the email gateway and, of course, to update anti-virus software regularly.
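
The gateway advice above, sketched as an added example (not code from the article, Sophos or McAfee): a Python filter that parses a message and reports attachments whose final extension is on the article's block list. The function names, addresses and sample message are constructed for illustration.

```python
from email import message_from_string, policy
from email.message import EmailMessage

# Extensions the article says to block at the email gateway.
BLOCKED_EXTENSIONS = {"exe", "dll", "scr", "bat", "pif"}


def is_blocked(filename: str) -> bool:
    """True if the filename's final extension is on the block list."""
    # Only the last extension decides how Windows runs the file, so
    # 'www.paypal.com.scr' is a screensaver executable, not a web address.
    # Trailing dots and spaces are dropped because Windows ignores them.
    cleaned = filename.rstrip(". ").lower()
    if "." not in cleaned:
        return False
    return cleaned.rsplit(".", 1)[-1] in BLOCKED_EXTENSIONS


def blocked_attachments(raw_message: str) -> list:
    """Return the attachment filenames in a raw message that should be blocked."""
    msg = message_from_string(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():  # visits every MIME part, including nested ones
        name = part.get_filename()
        if name and is_blocked(name):
            hits.append(name)
    return hits


def build_sample() -> str:
    """Constructed sample: the article's subject line and attachment name."""
    msg = EmailMessage()
    msg["From"] = "sender@example.invalid"  # constructed address
    msg["To"] = "user@example.invalid"      # constructed address
    msg["Subject"] = "Your Paypal.com account expires"
    msg.set_content("Constructed body text.")
    msg.add_attachment(b"placeholder bytes", maintype="application",
                       subtype="octet-stream", filename="www.paypal.com.scr")
    msg.add_attachment("constructed notes", filename="notes.txt")
    return msg.as_string()


if __name__ == "__main__":
    for name in blocked_attachments(build_sample()):
        print("block:", name)
```

An extension list like this only catches the file types it names, so it works alongside anti-virus scanning at the gateway and does not replace it.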

Comments
There are 6 comments.
1. Lugui
Thanks for the great information on this worm. This news is appreciated.
2. Dave Wall
Your article will make me doubly attentive of any future. As recently as last week I tried purchasing something from Ebay and found the whole PayPal account set-up procedure cumbersome. My mistakes resulted in several auto emails being sent to me, all of which were lengthy and added to my bemusement. Thanks for the information.
3. Gareth Davies
Not that PayPal seem to care! I've been receiving these e-mails for weeks, and was perturbed to note that Paypal have given no information on this scam either on their homepage, or anywhere else on their website. I e-mailed them about this over a week ago and got an apparent stock response of "We appreciate you bringing this incident of spam to our attention. We will investigate this fully and suspend the account of any PayPal user who has violated our Anti-Spam policy". As I responded, I doubt it's a Paypal member who is sending these and whether it is or not is irrelevant. Asked them again why they are apparently doing nothing to try to diminish the effects of this fraud by highlighting it via their website or in their newsletters. I appreciate it may be close to impossible to track the originator of these e-mails, but it would surely not take much to bring it to the attention of concerned Paypal members or users by highlighting it on their website or via their e-mail bulletins, and warning members to ignore such e-mails.
Have had no response and there's still nothing about it on the Paypal websites. Appears they don't give a damn!
4. Dominic Pinto
I've had 2 paypal emails in the last few days - one from the 'PayPal Account Review Department' directing to a URL to provide credit card detail confirmation (originating address is usrsupports1@paypal.com). The second is from 'donotreply@paypal.com' and warns that the account will be deactivated unless the attached file (paypal.asp.zlq) is run and account settings updated with personal information.
So there are a number of variants going around!
5. McNaughtY
What is Pay Pal doing about this E-mail Virus Scam? How can the user identify the virus? Do any of the current Virus Protection programs remove the .scr file or warn the user?
6. Kenneth Comben
Had 2 'PayPal' emails today, both containing the virus; luckily Norton Virus intercepted it and deleted the attachment. Can't PayPal track down these CRIMINALS or even the fraud squad? Even as I write this another Paypal message has arrived!
There should be a minimum of 10 years in prison for hackers and virus writers.