'Magic' Juan
11-14-2003, 12:54 PM
Check the following article which I just got via email:
> Below is information about a new virus that has hit the internet/email
> community. Remember,
> * Never open unexpected attachments from any source.
> * Most of the modern viruses falsify the "From" field and appear to
> come from friends, co-workers and third parties.
> * Any e-mail that asks for credit card information is suspect. Be
> careful, and verify with vendors before giving out your credit card
> details.
> * Update your virus definition files on a regular basis. (ADA machines
> are updated automatically)
>
>
> About the Virus
> Virus Name: Mimail.C
> The Mimail.C virus disguises itself as an expiration notice from PayPal
> asking you to update your account's credit card information. Ironically,
> the virus even warns you never to send credit card information over e-mail
> for security reasons. However, if you run Mimail.I's attachment, it
> ignores its own advice by forwarding your credit card details to four of
> the author's e-mail addresses and broadcasting itself to all your friends
> and contacts.
> Distinguishing Characteristics
> As with past Mimail variants, you can easily spot this virus because it
> always uses the same From address, Subject, Body and Attachment:
> From: "PayPal.com" donotreply@paypal.com
> Subject: YOUR PAYPAL.COM ACCOUNT EXPIRES
> Dear PayPal member,
>
> PayPal would like to inform you about some important information regarding
> your PayPal account. This account, which is associated with the email
> address will be expiring within five business days. We apologize for any
> inconvenience that this may cause, but this is occurring because all of
> our customers are required to update their account settings with their
> personal information. We are taking these actions because we are
> implementing a new security policy on our website to insure everyone's
> absolute privacy. To avoid any interruption in PayPal services then you
> will need to run the application that we have sent with this email (see
> attachment) and follow the instructions. Please do not send your personal
> information through email, as it will not be as secure. IMPORTANT! If you
> do not update your information with our secure application within the next
> five business days then we will be forced to deactivate your account and
> you will not be able to use your PayPal account any longer. It is strongly
> recommended that you take a few minutes out of your busy day and complete
> this now. DO NOT REPLY TO THIS MESSAGE VIA EMAIL! This mail is sent by an
> automated message system and the reply will not be received. Thank you for
> using PayPal
> Attachment: www.paypal.com.scr (sometimes also paypal.asp.scr)
> If you execute Mimail's attachment, the worm adds the file svchost32.exe
> to your Windows directory and adds a registry entry ensuring that the file
> restarts whenever your machine reboots. The worm then searches for e-mail
> addresses within many different file types on your machine. After
> collecting all the addresses, Mimail uses its own SMTP engine to e-mail
> itself to them.
> To trick you into giving away your credit card information, the worm
> displays the PayPal popup window shown in McAfee's alert
> <http://vil.nai.com/vil/content/v_100822.htm>. If you fill out the popup
> with your credit card details, Mimail creates a file called ppinfo.sys on
> your C: drive and sends that file to four hard-coded e-mail addresses
> belonging to the virus author. At the time of this writing, anti-virus
> vendors were in the process of shutting down the e-mail addresses in
> question.
magic_juan
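
A mail-gateway style check for the fixed From, Subject and attachment names listed in the advisory above, added here as an example and not part of the original post or the quoted alert. It also flags the more general pattern of a dotted name ending in an executable extension; the `EXEC_EXTS` set, the function names and the sample message are assumptions made for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Indicators quoted in the advisory above.
MIMAIL_FROM = "donotreply@paypal.com"
MIMAIL_SUBJECT = "YOUR PAYPAL.COM ACCOUNT EXPIRES"
MIMAIL_ATTACHMENTS = {"www.paypal.com.scr", "paypal.asp.scr"}
# Assumption: extensions Windows runs directly; not taken from the advisory.
EXEC_EXTS = {".scr", ".exe", ".pif", ".com", ".bat", ".cmd"}

def scan_message(raw: bytes) -> list:
    """Return the reasons a raw RFC 822 message matches the advisory."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    hits = []
    # The From field is falsified, so it is only one signal among several.
    if MIMAIL_FROM in str(msg.get("From", "")).lower():
        hits.append("from")
    if str(msg.get("Subject", "")).strip().upper() == MIMAIL_SUBJECT:
        hits.append("subject")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name in MIMAIL_ATTACHMENTS:
            hits.append("attachment-name")
        # Generalization: "something.xyz.scr" hides the real extension
        # behind what looks like a domain name or document type.
        stem, dot, ext = name.rpartition(".")
        if dot and "." + ext in EXEC_EXTS and "." in stem:
            hits.append("double-extension")
    return hits

def build_sample(sender: str, subject: str, filename: str) -> bytes:
    """Construct a harmless test message (the payload is plain bytes)."""
    m = EmailMessage()
    m["From"] = sender
    m["Subject"] = subject
    m.set_content("constructed test body")
    m.add_attachment(b"constructed placeholder, not an executable",
                     maintype="application", subtype="octet-stream",
                     filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    sample = build_sample('"PayPal.com" <donotreply@paypal.com>',
                          "YOUR PAYPAL.COM ACCOUNT EXPIRES",
                          "www.paypal.com.scr")
    print(scan_message(sample))
```
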