New worm variant targets identity data
- By William Jackson
- Nov 14, 2003
A variant of the MiMail worm became widespread today, trying to steal personal and financial information from users of an online payment service.
Ken Dunham, director of malicious code at iDefense Inc. of Reston, Va., called it one of the year's more significant attacks because it represents a dangerous trend 'away from notoriety and toward criminal gain.'
The worm sends an e-mail attachment with a dialog box that requests PayPal.com account information, including credit card numbers. The new variant does not automatically capture financial data from the recipient's computer, however.
Dunham said the latest wave of MiMail worms began Oct. 31, with six variants popping up in three days. He predicted new versions will continue to appear.
The most recent variant masquerades as an e-mail notification that an account with PayPal of Mountain View, Calif., is expiring. It instructs users to update account settings and personal information and forwards the data to e-mail addresses in Russia or the Czech Republic.
Systems administrators can filter out the attachments 'paypal.asp.scr' and 'www.paypal.com.scr'.
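One way to apply that filter at a mail gateway is sketched below in Python. This is an added example, not code from the article or from any vendor it mentions; the function names, the sample message and the extra double-extension rule for `.scr` files are assumptions that go beyond the two listed names.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Attachment names listed in the article.
BLOCKED_NAMES = {"paypal.asp.scr", "www.paypal.com.scr"}

def normalize(name):
    """Reduce a declared filename to the form Windows would actually open."""
    name = name.replace("\\", "/").rsplit("/", 1)[-1]  # drop any path prefix
    return name.strip().rstrip(". ").lower()            # trailing dots/spaces are ignored

def classify(filename):
    """Return a reason string if the attachment should be blocked, else None."""
    name = normalize(filename)
    if name in BLOCKED_NAMES:
        return "listed-name"
    # Generalization beyond the article: a .scr executable hidden behind another suffix.
    if name.endswith(".scr") and name.count(".") >= 2:
        return "double-extension-scr"
    return None

def scan_message(raw):
    """Walk every MIME part, including nested ones, and report blocked attachments."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.walk():
        filename = part.get_filename()  # decodes RFC 2231, falls back to Content-Type name
        reason = classify(filename) if filename else None
        if reason:
            hits.append((filename, reason))
    return hits

def build_sample(filename):
    """Constructed test message carrying one harmless attachment with the given name."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Constructed sample"
    msg.set_content("Constructed body text.")
    msg.add_attachment(b"placeholder bytes", maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()

if __name__ == "__main__":
    for name in ("PayPal.asp.SCR", "www.paypal.com.scr.", "update.doc.scr", "report.pdf"):
        print(name, scan_message(build_sample(name)))
```

Matching on the normalized name rather than the raw header value keeps a change of letter case or a trailing dot from slipping past the filter.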
William Jackson is a Maryland-based freelance writer.