
Mimail-J variant a growing threat

Edward Hurley, SearchSecurity.com News Writer

A new Mimail variant on the loose bears a striking resemblance to its brethren.

Mimail-J seems to be gaining some traction. Symantec Security Response has upgraded the worm to a Category 3 (out of five) threat. F-Secure Corp. has it as a Level 2 risk. U.K.-based e-mail filtering outsourcer MessageLabs intercepted more than 25,000 copies of it between Monday and 9 a.m. EST today.

Mimail-J tries, like Mimail-I, to get recipients to give up credit card details, but it goes one step further, asking for a Social Security number and the recipient's mother's maiden name.

The e-mail message carrying the worm has the following characteristics:

From: PayPal.com[Do_Not_Reply@paypal.com]

Subject: "IMPORTANT" or "Problems with your PayPal account"

Message Body:

Dear PayPal member,

We regret to inform you that your account is about to be expired in next five business days. To avoid suspension of your account you have to reactivate it by providing us with your personal information.

To update your personal profile and continue using PayPal services you have to run the attached application to this email. Just run it and follow the instructions.

IMPORTANT! If you ignore this alert, your account will be suspended in [the] next five business days and you will not be able to use PayPal anymore.

Thank you for using PayPal.

Attachment: "www.paypal.com.pif" or "InfoUpdate.exe"

When infecting a system, the worm drops copies of itself in the Windows folder with names such as SvcHost32.exe and ee98af.tmp. It also generates bogus PayPal files in the root directory of the infected computer, with the filenames "pp.hta" and "index2.hta." It is these files that pop up looking like Web pages, asking for sensitive information.

Administrators should block e-mail attachments with the file-extension types Mimail uses (.pif and .exe in this case) because, for the most part, such executable types have no legitimate business function in e-mail and are favorite vehicles of malicious code.
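The following attachment filter is an added example written for this article; it is not code from SearchSecurity.com, PayPal or any of the vendors mentioned. It parses a message with Python's standard email package, collects every MIME part that declares a filename, and blocks those whose final extension is on a deny list built from the types in the article (.pif, .exe, .hta) plus a few other executable types. The sample message is constructed here to mirror the lure's sender, subject and attachment name; the attachment bytes are placeholders, not the worm, and the recipient address and the extra entries on the deny list are assumptions.

```python
"""Attachment-extension filter for the Mimail-J lure (added example).

Walks every MIME part of an RFC 5322 message, reads the declared filename,
and blocks parts whose final extension is on a deny list of executable types.
"""
import email
import os
from email import policy
from email.message import EmailMessage

# Types named in the article (.pif, .exe arrive by mail; .hta is dropped on
# the host) plus a few other executable types. Assumption: no business
# process in the environment legitimately mails any of these.
BLOCKED_EXTENSIONS = {
    ".pif", ".exe", ".hta", ".scr", ".com", ".bat", ".cmd", ".vbs",
}


def final_extension(filename: str) -> str:
    """Lower-cased final extension of a filename.

    'www.paypal.com.pif' -> '.pif': the dotted, URL-looking name used by the
    lure does not hide the type, because only the last suffix is considered.
    """
    return os.path.splitext(filename.strip().lower())[1]


def attachment_names(msg: EmailMessage) -> list[str]:
    """Filenames of every MIME part that declares one, in message order."""
    return [part.get_filename() for part in msg.walk() if part.get_filename()]


def blocked_attachments(raw: bytes) -> list[str]:
    """Parse a raw message and return the attachment names that must be blocked."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    return [name for name in attachment_names(msg)
            if final_extension(name) in BLOCKED_EXTENSIONS]


def build_sample_lure() -> bytes:
    """Constructed message mirroring the Mimail-J lure; payloads are placeholders."""
    msg = EmailMessage()
    msg["From"] = "PayPal.com <Do_Not_Reply@paypal.com>"   # spoofed sender, as in the lure
    msg["To"] = "recipient@example.com"                     # assumed recipient
    msg["Subject"] = "Problems with your PayPal account"
    msg.set_content(
        "Dear PayPal member,\n\n"
        "To update your personal profile and continue using PayPal services "
        "you have to run the attached application to this email.\n"
    )
    # Placeholder bytes standing in for the worm body; not a real executable.
    msg.add_attachment(b"PLACEHOLDER-NOT-A-PE-FILE",
                       maintype="application", subtype="octet-stream",
                       filename="www.paypal.com.pif")
    # A benign attachment, included to show the filter leaves it alone.
    msg.add_attachment(b"PLACEHOLDER-PDF",
                       maintype="application", subtype="pdf",
                       filename="statement.pdf")
    return msg.as_bytes()


SAMPLE_LURE = build_sample_lure()

if __name__ == "__main__":
    for name in blocked_attachments(SAMPLE_LURE):
        print("blocked attachment:", name)
```

The check looks only at the filename the sender declared, so a renamed or archived copy of the same executable passes it; treat extension blocking as one layer and pair it with content inspection of attachments at the gateway.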
