Madre Farbot
11-15-2003, 07:40 AM
When I first received this email and its attachment I was quite suspicious, and I guess I should've mentioned this earlier. Anyway, just in case you haven't got round to dealing with yours, here's the article and the actual email I received...
Latest Mimail worm has new trick
18:10 14 November 03
NewScientist.com news service
The latest variant of the computer worm Mimail contains a new trick to harvest credit card details - a fake security program that in fact emails the details off to the virus's creators.
The worm is aimed at users of Paypal, a popular method of internet payment among online shoppers. Infected emails carry the subject line "YOUR PAYPAL.COM ACCOUNT EXPIRES" and pose as a security update. The email threatens to close the recipient's account if they do not obey the update instructions it gives.
Cleverly, the email warns readers not to send their details back by return email. Many users now know this is insecure and that companies never request this.
Instead, the email asks them to click on an executable file called www.paypal.com.scr. This brings up a dialogue box, complete with PayPal logo, requesting their credit card number, PIN, expiry date and security code. Any details entered are then sent to the virus writer.
"It is a pretty sneaky and professional trick. They have gone to some effort to make it look as plausible as possible," says Graham Cluley of Sophos, the UK-based anti virus company that first reported W32/Mimail.I at 0500 GMT on Friday. The virus has been seen in the UK, South Africa, Australia and New Zealand and is spreading.
Zombie computers
Clicking on the program file also causes the Mimail.I virus to invade the email account of the recipient and send itself to any addresses found.
The fact that the virus emails the details back to an address gives virus detectives "a good lead", says Cluley. But he adds that virus writers typically have Hotmail accounts, which are difficult to trace, or are able to remotely change the email address specified in the virus. They also commonly set up proxy email addresses in "zombie" computers they have gained control over using past viruses.
"I am sure the virus writers will get some credit card details," says Cluley, although only people with Paypal accounts are likely to be caught out.
Mimail.I is only the latest in a recent spate of email-propagated crimes. On 3 November, spammers unleashed a Mimail variant apparently designed to bring down anti-spam websites.
And on Tuesday it was reported that Eastern European crime gangs were running online extortion rackets. In these, companies either pay up or have their web sites targeted by Distributed Denial of Service attacks launched from zombie computers.
-------------------------------------
Actual email and attachment,
PayPal.com YOUR PAYPAL.COM ACCOUNT EXPIRES 14/11/03 20:10
Dear PayPal member,
PayPal would like to inform you about some important information regarding your PayPal account. This account, which is associated with the email address
M.Farbot@ScammerZ.net
will be expiring within five business days. We apologize for any inconvenience that this may cause, but this is occurring because all of our customers are required to update their account settings with their personal information.
We are taking these actions because we are implementing a new security policy on our website to insure everyone's absolute privacy. To avoid any interruption in PayPal services then you will need to run the application that we have sent with this email (see attachment) and follow the instructions. Please do not send your personal information through email, as it will not be as secure.
IMPORTANT! If you do not update your information with our secure application within the next five business days then we will be forced to deactivate your account and you will not be able to use your PayPal account any longer. It is strongly recommended that you take a few minutes out of your busy day and complete this now.
DO NOT REPLY TO THIS MESSAGE VIA EMAIL! This mail is sent by an automated message system and the reply will not be received.
Thank you for using PayPal.
naenuvmu
------------------------------
I suppose my suspicions were first aroused by the 'Dear PayPal member' greeting bit.
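
A mail-filter style check for the attachment trick the article describes (an executable named www.paypal.com.scr), as an added example that is not part of the original post or the article. The extension list, the hostname pattern and the sample message are assumptions constructed for illustration.

```python
import email
import email.policy
import re
from email.message import EmailMessage

# Assumed blocklist: extensions Windows runs directly (.scr is a screensaver executable).
EXECUTABLE_EXTS = {".scr", ".exe", ".pif", ".com", ".bat", ".cmd", ".vbs"}
# Assumed pattern: a stem that reads like a web address, e.g. "www.paypal.com".
HOSTNAME_STEM = re.compile(r"^(?:[a-z0-9-]+\.)+(?:com|net|org)$", re.I)

def check_attachment_name(name):
    """Return the reasons a filename looks like a disguised executable."""
    stem, dot, ext = name.strip().rpartition(".")
    ext = (dot + ext).lower()
    if not stem or ext not in EXECUTABLE_EXTS:
        return []
    reasons = ["executable extension " + ext]
    if HOSTNAME_STEM.match(stem):
        reasons.append("name imitates a web address")
    elif "." in stem:
        reasons.append("double extension")
    return reasons

def scan_message(raw_bytes):
    """Map each suspicious attachment filename in a raw message to its reasons."""
    msg = email.message_from_bytes(raw_bytes, policy=email.policy.default)
    findings = {}
    for part in msg.iter_attachments():
        name = part.get_filename()
        reasons = check_attachment_name(name) if name else []
        if reasons:
            findings[name] = reasons
    return findings

def build_sample():
    """Constructed sample message; the attachment body is inert placeholder bytes."""
    m = EmailMessage()
    m["Subject"] = "YOUR PAYPAL.COM ACCOUNT EXPIRES"
    m["From"] = "sender@example.invalid"
    m["To"] = "recipient@example.invalid"
    m.set_content("Dear PayPal member, ...")
    m.add_attachment(b"placeholder, not a program", maintype="application",
                     subtype="octet-stream", filename="www.paypal.com.scr")
    return m.as_bytes()

if __name__ == "__main__":
    for fname, why in scan_message(build_sample()).items():
        print(fname, "->", "; ".join(why))
```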