Defrauding worm spreading fast

Defrauding worm spreading fast

By Stuart Finlayson

A new variant of the MiMail worm, which is disguised as a message from online payment vendor PayPal, is spreading fast, according to security experts.

The message tries to con recipients into sending their credit card details to avoid expiration of their PayPal account. "We regret to inform you that your account is about to be expired in next five business days. To avoid suspension of your account you have to reactivate it by providing us with your personal information. To update your personal profile and continue using PayPal services you have to run the attached application to this email. Just run it and follow the instructions. IMPORTANT! If you ignore this alert, your account will be suspended in next five business days and you will not be able to use PayPal anymore," the worryingly authentic looking message reads.

The worm arrives as an attachment to an email called either InfoUpdate.exe or www.paypal.com.pif. The sender's email address is forged, masking the true identity of the sender.

David Banes, Technical Director, Asia Pacific at email security systems provider MessageLabs, said the nature of the message of this particular worm represents a worrying development.

"MiMail.J is a prime example of a new and sinister trend emerging within the virus writing community. Historically, viruses have primarily been written by misguided young adolescent males with either malicious intent, a chip on their shoulder or a desire for notoriety amongst their virus writing pals. What we are beginning to see now is a shift towards actual fraud, where financial gain by deception is the primary objective.

"In the case of MiMail.J, the virus is nothing more than a vehicle for the delivery of an email designed to defraud unsuspecting users. This suggests that the mindset of the virus author is changing, whereas once disruption was motivation enough we are now seeing a new breed of cybercriminal intent on using viruses as a means of lining their own pockets. The resulting viruses have a 'hit and run' style approach, and are not engineered to have any longevity. Instead they rely on duping a crop of unsuspecting users before a new variant is released and the process begins again."

Related Article:

More virus attacks in 2003 but less damage