And it's after your credit card details this time...
By Andy McCue
Published: 14 November 2003 11:00 GMT
Users are being warned about a new variant of the Mimail worm on the loose that takes victims to a fake PayPal web page in an attempt to steal credit card details.
The variant, W32/Mimail-I, hits inboxes with the subject line "Your Paypal.com account expires" and tells the user they need to update their credit card details because of a new security policy being implemented.
But in a twist on the spate of 'phishing' scams in recent weeks, the email tells the victim not to send personal information via email, saying that email is insecure – and asks them to run an attached program instead.
The attached file, 'www.paypal.com.scr', brings up a pop-up box with a PayPal logo when run that requests a user's credit card details including card number, PIN number and expiry date.
Not only are gullible or unsuspecting users fleeced of their credit card details but Mimail-I sends itself to everybody whose email address appears on the victim's hard disk in order to spread itself.
David Emm, AVERT marketing manager at McAfee, said the worm is currently rated as low-risk but added that the PayPal element is a new twist.
"We have increasingly seen over the last two years things that drop back door trojans onto systems to gather information but this is the first time we have seen it wrapped up with the whole PayPal scam," he said.
Anti-virus firm Sophos reaffirmed its advice to users not to click on web links or attachments sent in emails that claim to come from banks or financial companies and block all Windows programs such as exe, dll, scr, bat and pif files at the email gateway – and of course, update your anti-virus software regularly.
Thanks for the great information on this worm. Th...
Lugui
Your article will make me doubly attentive of any ...
Dave Wall
Not that PayPal seem to care! I've been receiving ...
Gareth Davies
I've had 2 paypal emails in the last few days - on...
Dominic Pinto
What is Pay Pal doing about this E-mail Virus Scam...
McNaughtY
Ideally you will have come from a credit card/ banking background. Business Analyst. You will have recent experience of working within Bank that ...
A leading retail banking organisation, based in London (WC) currently has a vacancy for a Risk Analyst to join the Credit Card Risk Analytics team. ...
Solid understanding of SAN based technologies, fibre channel, RAID configurations and high availability disk based systems. Ensuring the security of ...
Agenda Setters 2009
Welcome to the ninth annual Agenda Setters poll – silicon.com's list of the top 50 most influential individuals in the technology and IT industries, from techies and CIOs to entrepreneurs and business leaders. Find out more in our latest special report.
Stories from the web...
Copyright © 2008 CBS Interactive Limited. All rights reserved. Top of page
Digg
Slashdot
Del.icio.us
Stumble
Reddit
RSS Feeds
Bob Tarzey Why you must rein in your power users When they do damage, it can be catastrophic to your business
Jon Collins Is losing a mobile device really such a big deal? How to minimise the damage to your business