
Mimail-J variant a growing threat

By Edward Hurley, SearchSecurity.com News Writer
18 Nov 2003 | SearchSecurity.com


A new Mimail variant on the loose bears a striking resemblance to its brethren.

Mimail-J seems to be gaining some traction. Symantec Security Response has upgraded the worm to a Category 3 (out of five) threat. F-Secure Corp. has it as a Level 2 risk. U.K.-based e-mail filtering outsourcer MessageLabs intercepted more than 25,000 copies of it between Monday and 9 a.m. EST today.

Mimail-J tries, like Mimail-I, to get recipients to give up credit card details, but it goes one step further, asking for a Social Security number and the recipient's mother's maiden name.

The e-mail message carrying the worm has the following characteristics:

From: PayPal.com[Do_Not_Reply@paypal.com]

Subject: "IMPORTANT" or "Problems with your PayPal account"

Message Body:

Dear PayPal member,

We regret to inform you that your account is about to be expired in next five business days. To avoid suspension of your account you have to reactivate it by providing us with your personal information.

To update your personal profile and continue using PayPal services you have to run the attached application to this email. Just run it and follow the instructions.

IMPORTANT! If you ignore this alert, your account will be suspended in [the] next five business days and you will not be able to use PayPal anymore.

Thank you for using PayPal.

Attachment: "www.paypal.com.pif" or "InfoUpdate.exe"

When infecting a system, the worm drops copies of itself in the Windows folder with names such as SvcHost32.exe and ee98af.tmp. It also generates bogus PayPal files in the root directory of the infected computer, with the filenames "pp.hta" and "index2.hta." It is these files that pop up looking like Web pages, asking for sensitive information.

Administrators should block the file-extension types used by Mimail because, for the most part, they have no legitimate business functions and are favorite vehicles of malicious code.
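One way a mail gateway could apply that extension block, as an added example that is not from the article or any vendor named in it. The blocklist holds only the extensions the article names (a real policy would be longer), and `build_sample`, the sender address and the attachment bytes are constructed for the demonstration.

```python
from email.message import EmailMessage, Message

# Extensions named in the article: the .pif/.exe attachments and the .hta
# files the worm drops. Assumption: a site policy would extend this list.
BLOCKED_EXTENSIONS = {".pif", ".exe", ".hta"}


def final_extension(filename: str) -> str:
    """Return the extension Windows would act on, lower-cased."""
    # Windows ignores trailing dots and spaces, so "x.exe. " still runs as .exe.
    name = filename.strip().rstrip(". ").lower()
    dot = name.rfind(".")
    # Only the last extension counts: "www.paypal.com.pif" is a .pif file,
    # however much the rest of the name looks like a web address.
    return name[dot:] if dot != -1 else ""


def blocked_attachments(msg: Message) -> list[str]:
    """List attachment filenames whose final extension is on the blocklist."""
    hits = []
    for part in msg.walk():
        # get_filename() reads Content-Disposition filename=, falling back
        # to Content-Type name=, and decodes RFC 2231 encoded values.
        filename = part.get_filename()
        if filename and final_extension(filename) in BLOCKED_EXTENSIONS:
            hits.append(filename)
    return hits


def build_sample(filename: str) -> EmailMessage:
    """Constructed test message carrying one attachment with the given name."""
    msg = EmailMessage()
    msg["From"] = "sender@example.test"  # constructed placeholder address
    msg["Subject"] = "IMPORTANT"
    msg.set_content("constructed body text")
    msg.add_attachment(b"placeholder bytes", maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg


if __name__ == "__main__":
    for name in ("www.paypal.com.pif", "InfoUpdate.exe", "report.pdf"):
        hits = blocked_attachments(build_sample(name))
        print(f"{name}: {'BLOCK' if hits else 'allow'}")
```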


