In the past day, around 25,000 users have been infected by Mimail.j, the latest mass-mailing wormof online payment service PayPal.
According to security company F-Secure, Mimail.j is almost identical to Mimail.i but seems to be spreading more quickly than its predecessor. The latest variant of Mimail appears to be sent from "Do_Not_Reply@paypal.com" and contains a string of random characters in the subject line. Attached to the e-mail is either a file called "InfoUpdate.exe" or "www.paypal.com.pif".
Get Up to Speed on...
Get the latest headlines and
company-specific news in our
expanded GUTS section.
"It is curious that two have come along in the space of three or four days, but Mimail.j is a recompiled version of Mimail.i, with minimal changes. Most of the changes seem to reflect different subject lines and different e-mail content text when users open it, but the method of operating is pretty identical," an F-Secure representative said.
The worm has been rated highly dangerous because of the risk it carries for PayPal users. "Someone has gone to a considerable amount of trouble to fashion PayPal look-alike screens and 'phish' for credit card details," the F-Secure representative said.
The recent spate of worm and virus attacks has led network giant Cisco Systems to collaborate with antivirus software vendors--including Network Associates, Symantec and Trend Micro--to create the Cisco Network Admission Control system, which is part of the company's strategy to help companies minimize the effect of viruses and worms.
Mark Bouchard, senior program director at the Meta Group, welcomed the Cisco announcement and commented that companies should make it a priority to ensure that insecure nodes within their network are adequately protected.
"Many organizations were successful at stopping recent worm attacks at their Internet boundaries, yet still fell victim to the exploits when mobile or guest users connected their infected PCs directly to internal local-area networks," Bouchard said. "Eliminating this type of threat will require a combination of strengthened policies and network admission control systems."
ZDNet UK's Munir Kotadia reported from London.