Description:
Similar to the earlier Mimail variant, WORM_MIMAIL.I, this worm also attempts to steal credit card information from target users.
Using its own SMTP (Simple Mail Transfer Protocol) engine, it sends copies of itself via email to addresses found in the affected system's Internet cache. It usually arrives as a UPX-compressed attachment with a .PIF extension name.
The email that it sends out has the following characteristics:
From: PayPal.com[Do_Not_Reply@paypal.com]
Subject: (any of the following)
• IMPORTANT <random string>
• Problems with your PayPal account.
Message Body:
Dear PayPal member,
We regret to inform you that your account is about to be expired in next five business days. To avoid suspension of your account you have to reactivate it by providing us with your personal information.
To update your personal profile and continue using PayPal services you have to run the attached application to this email. Just run it and follow the instructions.
IMPORTANT! If you ignore this alert, your account will be suspended in next five business days and you will not be able to use PayPal anymore.
Thank you for using PayPal.
<random string>
Attachment: (any of the following)
• www.paypal.com.pif
• InfoUpdate.exe
This memory-resident worm runs on Windows 95, 98, ME, NT, 2000 and XP.
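The email characteristics above expressed as a mail-gateway check, as an added example that is not part of the original description. The function names, the policy in `is_suspect` and the UPX marker test (an `MZ` header plus a `UPX0` section name) are assumptions, and both sample messages are constructed.

```python
import re
from email import message_from_bytes
from email.message import EmailMessage
from email.utils import parseaddr

# Indicators copied from the description above.
SENDER = "do_not_reply@paypal.com"
SUBJECTS = (re.compile(r"^IMPORTANT\b"),
            re.compile(r"^Problems with your PayPal account\.?$", re.I))
ATTACHMENTS = {"www.paypal.com.pif", "infoupdate.exe"}

def mimail_indicators(raw: bytes) -> set:
    """Return the names of the indicators a raw RFC 822 message matches."""
    msg = message_from_bytes(raw)
    hits = set()
    if parseaddr(msg.get("From", ""))[1].lower() == SENDER:
        hits.add("sender")
    subject = str(msg.get("Subject", "")).strip()
    if any(rx.search(subject) for rx in SUBJECTS):
        hits.add("subject")
    for part in msg.walk():
        name = (part.get_filename() or "").strip().lower()
        if not name:
            continue  # body text or multipart container, not an attachment
        if name in ATTACHMENTS:
            hits.add("attachment-name")
        if name.endswith((".pif", ".exe")):
            hits.add("executable-extension")
        body = part.get_payload(decode=True) or b""
        # Assumption: a UPX-packed PE starts with "MZ" and has a "UPX0" section name.
        if body.startswith(b"MZ") and b"UPX0" in body[:4096]:
            hits.add("upx-packed")
    return hits

def is_suspect(hits: set) -> bool:
    """Policy assumption: require an attachment hit plus a header hit."""
    return bool(hits & {"attachment-name", "upx-packed"}) and bool(hits & {"sender", "subject"})

def sample(sender, subject, filename, payload):
    """Build a constructed test message (not a captured sample)."""
    m = EmailMessage()
    m["From"], m["Subject"] = sender, subject
    m.set_content("constructed body")
    m.add_attachment(payload, maintype="application", subtype="octet-stream", filename=filename)
    return m.as_bytes()

WORM_LIKE = sample("PayPal.com <Do_Not_Reply@paypal.com>", "IMPORTANT xkqzj",
                   "www.paypal.com.pif", b"MZ" + b"\0" * 60 + b"UPX0" + b"\0" * 16)
BENIGN = sample("Alice <alice@example.org>", "Meeting notes", "notes.pdf", b"%PDF-1.4 constructed")
```

The header indicators alone are not enough to act on, which is why `is_suspect` also requires an attachment match.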
Description created: Nov. 17, 2003 12:53:10 PM GMT -0800
Description updated: Nov. 17, 2003 1:54:07 PM GMT -0800