
Mimail-J variant a growing threat

Another version of the Mimail worm appeared Monday. This one, like the previous incarnation, poses as a PayPal notification and asks for sensitive personal data, including, this time, Social Security numbers.

A new Mimail variant on the loose bears a striking resemblance to its brethren.

Mimail-J seems to be gaining some traction. Symantec Security Response has upgraded the worm to a Category 3 (out of five) threat. F-Secure Corp. has it as a Level 2 risk. U.K.-based e-mail filtering outsourcer MessageLabs intercepted more than 25,000 copies of it between Monday and 9 a.m. EST today.

Mimail-J tries, like Mimail-I, to get recipients to give up credit card details, but it goes one step further, asking for a Social Security number and the recipient's mother's maiden name.

The e-mail message carrying the worm has the following characteristics:


Subject: "IMPORTANT" or "Problems with your PayPal account"

Message Body:

Dear PayPal member,

We regret to inform you that your account is about to be expired in next five business days. To avoid suspension of your account you have to reactivate it by providing us with your personal information.

To update your personal profile and continue using PayPal services you have to run the attached application to this email. Just run it and follow the instructions.

IMPORTANT! If you ignore this alert, your account will be suspended in [the] next five business days and you will not be able to use PayPal anymore.

Thank you for using PayPal.

Attachment: "" or "InfoUpdate.exe"

When infecting a system, the worm drops copies of itself in the Windows folder with names such as SvcHost32.exe and ee98af.tmp. It also generates bogus PayPal files in the root directory of the infected computer, with the filenames "pp.hta" and "index2.hta." It is these files that pop up looking like Web pages, asking for sensitive information.

Administrators should block the file-extension types used by Mimail because, for the most part, they have no legitimate business functions and are favorite vehicles of malicious code.
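
The attachment-blocking advice above, as an added sketch (not from the original article or any vendor): a Python check a mail gateway hook could run on each message. The blocklist holds only extensions named in this article, and the function names and sample message are constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Assumption: only the extensions named in this article; extend per local policy.
BLOCKED_EXTENSIONS = {".exe", ".hta"}

def normalized_extension(filename):
    """Return the final extension the way Windows would resolve it."""
    # Drop any path component a sender may have smuggled into the name.
    name = filename.replace("\\", "/").rsplit("/", 1)[-1]
    # Windows ignores trailing dots and spaces, so "a.exe. " still runs as .exe.
    name = name.rstrip(". ").lower()
    dot = name.rfind(".")
    return name[dot:] if dot != -1 else ""

def blocked_attachments(raw_message):
    """Return (filename, extension) for each MIME part with a blocked extension."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():  # walk() also descends into nested multiparts
        filename = part.get_filename()  # Content-Disposition, then Content-Type name
        if not filename:
            continue
        ext = normalized_extension(filename)
        if ext in BLOCKED_EXTENSIONS:
            hits.append((filename, ext))
    return hits

def build_sample(filename):
    """Constructed test message; the attachment body is a harmless placeholder."""
    msg = EmailMessage()
    msg["Subject"] = "IMPORTANT"
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg.set_content("Constructed sample body.")
    msg.add_attachment(b"placeholder bytes", maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()

if __name__ == "__main__":
    for name in ("InfoUpdate.exe", "Statement.pdf.EXE.", "notes.txt"):
        print(name, "->", blocked_attachments(build_sample(name)) or "allowed")
```

Matching on the last extension after normalization catches double-extension names and trailing-dot tricks that a plain suffix comparison would miss.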
