NEWS Just days after being hit by the Mimail.i worm, PayPal users are now under attack from Mimail.j, which is spreading rapidly.
In the past day, around 25,000 users have been infected by Mimail.j, the latest mass-mailing worm designed to target PayPal users. According to security company F-Secure, Mimail.j is almost identical to Mimail.i but seems to be spreading more quickly than its predecessor. The latest variant of Mimail appears to be sent from "Do_Not_Reply@paypal.com" and contains a string of random characters in the subject line. Attached to the email is either a file called 'InfoUpdate.exe' or 'www.paypal.com.pif'.
Mark Sunner, chief technology officer at email security firm MessageLabs, said that Mimail.j's sole purpose is to defraud unsuspecting users, which he believes indicates a change in the mindset of virus authors. "Once, disruption was motivation enough, but now we are seeing a new breed of cybercriminal that is intent on using viruses as a means of lining their own pockets. They rely on duping a crop of unsuspecting users before a new variant is released and the process begins again," he said.
A spokesman for F-Secure said: "It is curious that two have come along in the space of three or four days but Mimail.j is a recompiled version of Mimail.i, with minimal changes. Most of the changes seem to reflect different subject lines and different email content text when users open it, but the method of operating is pretty identical."
The worm has been rated highly dangerous because of the risk it carries for PayPal users: "Someone has gone to a considerable amount of trouble to fashion PayPal-lookalike screens and 'phish' for credit card details," said the F-Secure spokesman.
The recent spate of worm and virus attacks has led network giant Cisco to collaborate with antivirus software vendors - including Network Associates, Symantec, and Trend Micro - to create the Cisco Network Admission Control system, which is part of the company's strategy to help enterprises minimise the impact of viruses and worms.
Mark Bouchard, senior programme director at the META Group, welcomed the Cisco announcement and commented that enterprises should make it a priority to ensure that insecure nodes within their network are adequately protected: "Many organisations were successful at stopping recent worm attacks at their internet boundaries, yet still fell victim to the exploits when mobile or guest users connected their infected PCs directly to internal local area networks. Eliminating this type of threat will require a combination of strengthened policies and network admission control systems."
Munir Kotadia writes for ZDNet UK






Comments
There are 3 comments.
1. Gareth Davies
PayPal don't care! I've been receiving these or similar e-mails for weeks, and was perturbed to note that Paypal have given no information on this scam either on their homepage, or anywhere else on their websites. I e-mailed them about this over a week ago and got an apparent stock response of "We appreciate you bringing this incident of spam to our attention. We will investigate this fully and suspend the account of any PayPal user who has violated our Anti-Spam policy". As I responded, I doubt it's a Paypal member who is sending these and whether it is or not is irrelevant.
I e-mailed them again to ask why they are apparently doing nothing to try to diminish the effects of this fraud by highlighting it via their website or in their newsletters. I appreciate it may be close to impossible to track the originator of these e-mails, but it would surely not take much to bring it to the attention of concerned Paypal members or users by highlighting it on their website or via their e-mail bulletins, and warning members to ignore such e-mails.
Have had no response from Paypal and there's still nothing about it on the Paypal websites. Appears they don't give a damn!
2. anonymous
What disturbed me was that I received the first attempt to steal my identity just three hours after registering with PayPal -- I have now received five, all slightly different.
There must surely be a massive security lapse to have let my e-mail address out so easily.
Naturally, I reported this to both eBay and PayPal -- and like Gareth Davies got an apparently automated stock response from both.
3. anonymous
I too received a number shortly after registering, and decided that I would not confirm the registration. OK, it cost 19 dollars, I feel better for not working with Paypal.