
Mimail mutant targets PayPal users

For the second time in four days, a new worm emerges that tries to con customers of the online payment service into revealing their credit card details.

Munir Kotadia Special to CNET News
For the second time in four days, a new worm has emerged that tries to con PayPal users into revealing their credit card details.

In the past day, around 25,000 users have been infected by Mimail.j, the latest mass-mailing worm designed to target customers of online payment service PayPal.

According to security company F-Secure, Mimail.j is almost identical to Mimail.i but seems to be spreading more quickly than its predecessor. The latest variant of Mimail appears to be sent from "Do_Not_Reply@paypal.com" and contains a string of random characters in the subject line. Attached to the e-mail is either a file called "InfoUpdate.exe" or "www.paypal.com.pif".
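As an added example (not code from the article, F-Secure or MessageLabs), here is a mail-gateway style check for the attachment traits described above. It generalizes from the two reported filenames to any executable attachment whose name imitates a web address; the extension list, hostname pattern and sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# Filenames the article reports for Mimail.j (compared case-insensitively).
REPORTED_NAMES = {"infoupdate.exe", "www.paypal.com.pif"}
# Assumption: a short list of extensions Windows runs directly.
EXECUTABLE_EXTS = {".exe", ".pif", ".scr", ".com", ".bat", ".cmd"}
# Assumption: a stem such as "www.paypal.com" is meant to pass for a web address.
HOSTLIKE = re.compile(r"^(?:[a-z0-9-]+\.)+(?:com|net|org)$")

def attachment_findings(raw_message):
    """Return (filename, reason) for each suspicious attachment."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").strip().lower()
        stem, dot, ext = name.rpartition(".")
        if name in REPORTED_NAMES:
            findings.append((name, "reported-name"))
        elif dot + ext in EXECUTABLE_EXTS and HOSTLIKE.match(stem):
            findings.append((name, "hostname-lookalike"))
        elif dot + ext in EXECUTABLE_EXTS:
            findings.append((name, "executable"))
    return findings

def build_sample(filename):
    """Constructed test message; the From header is forgeable, so it is not checked."""
    m = EmailMessage()
    m["From"] = "Do_Not_Reply@paypal.com"
    m["To"] = "user@example.org"
    m["Subject"] = "xkqjzrw"  # constructed stand-in for the random subject
    m.set_content("constructed body text")
    m.add_attachment(b"constructed", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    for fn in ("www.paypal.com.pif", "www.example.net.scr", "invoice.pdf"):
        print(fn, attachment_findings(build_sample(fn)))
```

The check keys on the attachment name rather than the sender, because the "Do_Not_Reply@paypal.com" address is only a header value and the subject line is random.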




Mark Sunner, chief technology officer at e-mail security firm MessageLabs, said Tuesday that Mimail.j's sole purpose is to defraud unsuspecting users, which he believes indicates a change in the mindset of virus authors. "Once, disruption was motivation enough, but now we are seeing a new breed of cybercriminal that is intent on using viruses as a means of lining their own pockets. They rely on duping a crop of unsuspecting users before a new variant is released and the process begins again," he said.

"It is curious that two have come along in the space of three or four days, but Mimail.j is a recompiled version of Mimail.i, with minimal changes. Most of the changes seem to reflect different subject lines and different e-mail content text when users open it, but the method of operating is pretty identical," an F-Secure representative said.

The worm has been rated highly dangerous because of the risk it carries for PayPal users. "Someone has gone to a considerable amount of trouble to fashion PayPal look-alike screens and 'phish' for credit card details," the F-Secure representative said.

The recent spate of worm and virus attacks has led network giant Cisco Systems to collaborate with antivirus software vendors--including Network Associates, Symantec and Trend Micro--to create the Cisco Network Admission Control system, which is part of the company's strategy to help companies minimize the effect of viruses and worms.

Mark Bouchard, senior program director at the Meta Group, welcomed the Cisco announcement and commented that companies should make it a priority to ensure that insecure nodes within their network are adequately protected.

"Many organizations were successful at stopping recent worm attacks at their Internet boundaries, yet still fell victim to the exploits when mobile or guest users connected their infected PCs directly to internal local-area networks," Bouchard said. "Eliminating this type of threat will require a combination of strengthened policies and network admission control systems."

ZDNet UK's Munir Kotadia reported from London.