New Mimail variant spreading fast
By Alun Williams
Posted on 18 Nov 2003 at 16:33
Twenty-six thousand, and rising rapidly. This is the number of occurrences of the Mimail-J virus that have been detected by MessageLabs, the email security company. And that was before the US came fully online today.
To be precise, 26,472 instances of the virus have been monitored, as of 1pm today. The latest J-variant is very similar to Mimail-I, which we reported on at the end of last week, in that it is a financial scam purporting to concern PayPal payments.
With a From field of 'Do_Not_Reply@paypal.com', the subject line contains some random characters and the text 'Problems with your PayPal account'. The name of the attachment is www.paypal.com.pif or infoupdate.exe.
'Dear PayPal member, We regret to inform you that your account is about to be expired,' begins the message, before prompting the user, via a series of dialog boxes, to reveal their financial details and further information such as Social Security Number and their mother's maiden name. Information from the bogus verification process is then saved into the file ppinfo.sys, which is subsequently sent to a remote server.
'In the case of Mimail.J, the virus is nothing more than a vehicle for the delivery of an email designed to defraud unsuspecting users,' said Mark Sunner, CTO MessageLabs. 'This suggests that the mindset of the virus author is changing, whereas once disruption was motivation enough we are now seeing a new breed of cybercriminal intent on using viruses as a means of lining their own pockets.'
'The resulting viruses,' he went on, 'have a "hit and run" style approach, and are not engineered to have any longevity. Instead they rely on duping a crop of unsuspecting users before a new variant is released and the process begins again.'
MessageLabs believes the initial copy of the new variant originated from France. The majority of infected emails, however, have been sent from the USA (74 per cent of the total seen so far).
More info on the spread of Mimail-J can be found on the MessageLabs website, and details of the virus itself can be found on the Sophos website.
Sophos believes that the Mimail viruses are all by the same author, or group of authors.
See also
From around the web
advertisement
- Laptop bag reviews: nine tested
- Sony VAIO T Series Ultrabook review: first look
- Revealed: the military standards and robots HP uses to test its laptops
- Windows 8: multi-monitors and double standards?
- Why is TalkTalk's year-old porn filter suddenly big news?
- Why are laptop screens so far behind mobiles?
- HP EliteBook Folio review: first look
- The shoebox-sized all-in-one printer
- Forget the Ultrabook: here comes the HP Sleekbook
- HP Spectre XT review: first look
- Why you have to be left in the dark on OS patches
- Is Microsoft mismanaging Windows on ARM?
- Dealing with spam surrogates
- Why 3G broadband can be better and cheaper than ADSL
- Is Twitter bad for business?
- Publishing your email address isn't a security disaster
- Why you'll need a fax machine to develop iOS apps
- Learning to adapt to the mobile web
- Why you shouldn't use WPS on your Wi-Fi network
- Disabled users suffer when software breaks the rules
advertisement
