posted on November 14, 2003 06:18:55 PM
A computer virus that camouflages itself as a message from PayPal has started spreading among home users, antivirus companies said on Friday.
The program is a variant of the Mimail virus, which has previously spread by appearing to be a security advisory from Microsoft. The latest version of the program is attached to an e-mail forged to look as though it came from PayPal, an online payment service bought by eBay last year. Running the program infects the victim's computer and asks the PC user for credit card information, which the virus then sends to the attacker.
"It is a new trend among virus authors to get deeper into criminal acts and attempt to generate revenue," said Craig Schmugar, virus research engineer for security company Network Associates.
Another virus, Sobig, is believed by many researchers to have been spread by a group that sells a list of the machines the program compromises to spammers. The latest variant of Mimail takes a more direct approach to illicitly obtaining funds.
The virus appears as an attachment--"www.paypal.com.scr"--to an e-mail that purports to be from PayPal.
"PayPal would like to inform you about some important information regarding your PayPal account," the message reads. "This account, which is associated with the email address will be expiring within five business days. We apologize for any inconvenience that this may cause, but this is occurring because all of our customers are required to update their account settings with their personal information. We are taking these actions because we are implementing a new security policy on our website to insure everyone's absolute privacy."
When a person opens the e-mail attachment, a window appears bearing the PayPal logo and asking for credit card information. The virus stores any information provided by the victim in a file called "ppinfo.sys" and the file is sent to four e-mail addresses stored in the program.
Antivirus companies are in the process of blocking access to the e-mail boxes.
The virus also searches through the Internet browser files cached on a victim's computer and grabs e-mail addresses from the sources found there. It will then send itself as an attachment to the original e-mail to every address found.
posted on November 14, 2003 08:06:54 PM
BEAR 1949
Thanks for the update. There is always another one of these scam deals every other day.
Firing squads are too good for these scum bags.
posted on November 15, 2003 11:43:27 AM
The worst part is a hacker or virus writer always comes out smelling like a rose. I wonder what the kid from Minnesota got for the BUG virus. Probably a slap on the hands and a big contract from one of the major internet companies...
posted on November 15, 2003 07:46:01 PM
Thanks for the heads up, Bear. I was just looking at the Norton antivirus website and they show an example of the email. It is pretty slick. Here is a link to that page.
http://securityresponse.symantec.com/avcenter/venc/data/[email protected]
I hope nobody gets caught.
Regards,
Adrian