Mimail-J variant a growing threat

Another version of the Mimail worm appeared Monday. This one, like the previous incarnation, poses as a PayPal notification and asks for sensitive personal data, including, this time, Social Security numbers.


A new Mimail variant on the loose bears a striking resemblance to its brethren.

Mimail-J seems to be gaining some traction. Symantec Security Response has upgraded the worm to a Category 3 (out of five) threat. F-Secure Corp. has it as a Level 2 risk. U.K.-based e-mail filtering outsourcer MessageLabs intercepted more than 25,000 copies of it between Monday and 9 a.m. EST today.

Mimail-J tries, like Mimail-I, to get recipients to give up credit card details, but it goes one step further, asking for a Social Security number and the recipient's mother's maiden name.

The e-mail message carrying the worm has the following characteristics:

From: PayPal.com[Do_Not_Reply@paypal.com]

Subject: "IMPORTANT" or "Problems with your PayPal account"

Message Body:

Dear PayPal member,

We regret to inform you that your account is about to be expired in next five business days. To avoid suspension of your account you have to reactivate it by providing us with your personal information.

To update your personal profile and continue using PayPal services you have to run the attached application to this email. Just run it and follow the instructions.

IMPORTANT! If you ignore this alert, your account will be suspended in [the] next five business days and you will not be able to use PayPal anymore.

Thank you for using PayPal.

Attachment: "www.paypal.com.pif" or "InfoUpdate.exe"

When infecting a system, the worm drops copies of itself in the Windows folder with names such as SvcHost32.exe and ee98af.tmp. It also generates bogus PayPal files in the root directory of the infected computer, with the filenames "pp.hta" and "index2.hta." It is these files that pop up looking like Web pages, asking for sensitive information.

Administrators should block the attachment file types used by Mimail (.pif and .exe) because, for the most part, they have no legitimate business function in e-mail and are favorite vehicles of malicious code.
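As an added illustration of that advice (example code written for this page, not from any vendor or the article's sources), the check below parses a raw e-mail message, rejects it when any attachment carries a blocked extension, and notes whether the subject matches one the article reports for Mimail-J. The blocklist beyond .pif and .exe, the sample recipient address and the attachment bytes are this example's own assumptions.

```python
import os
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

# Extensions to reject at the mail gateway. ".pif" and ".exe" are the attachment
# types the article names for Mimail-J; the remaining entries are this example's
# own additions (assumed), chosen because Windows also executes them directly.
BLOCKED_EXTENSIONS = {".pif", ".exe", ".scr", ".bat", ".cmd", ".com"}

# Subject lines the article reports for the Mimail-J carrier message.
KNOWN_SUBJECTS = {"IMPORTANT", "Problems with your PayPal account"}


def check_message(raw: bytes) -> dict:
    """Return blocked attachment names, a subject match flag and a reject verdict."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    blocked = []
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue
        # Only the final extension decides: "www.paypal.com.pif" is still a .pif
        ext = os.path.splitext(name)[1].lower()
        if ext in BLOCKED_EXTENSIONS:
            blocked.append(name)
    subject = str(msg["Subject"] or "").strip().strip('"')
    return {
        "blocked_attachments": blocked,
        "subject_matches": subject in KNOWN_SUBJECTS,
        "reject": bool(blocked),
    }


def build_sample(subject: str, attachment_name: str) -> bytes:
    """Construct a sample message with the sender, subject and attachment name listed above."""
    m = EmailMessage()
    m["From"] = "PayPal.com <Do_Not_Reply@paypal.com>"
    m["To"] = "user@example.com"          # constructed recipient
    m["Subject"] = subject
    m.set_content("Dear PayPal member, ...")
    # Two placeholder bytes stand in for the attachment body (constructed, not the worm)
    m.add_attachment(b"MZ", maintype="application", subtype="octet-stream",
                     filename=attachment_name)
    return m.as_bytes()


if __name__ == "__main__":
    for name in ("www.paypal.com.pif", "InfoUpdate.exe", "receipt.pdf"):
        print(name, check_message(build_sample("Problems with your PayPal account", name)))
```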
