New worm variant targets identity data

A variant of the MiMail worm became widespread today, trying to steal personal and financial information from users of an online payment service.

Ken Dunham, director of malicious code at iDefense Inc. of Reston, Va., called it one of the year's more significant attacks because it represents a dangerous trend 'away from notoriety and toward criminal gain.'

The worm sends an e-mail attachment with a dialog box that requests account information, including credit card numbers. The new variant does not automatically capture financial data from the recipient's computer, however.

Dunham said the latest wave of MiMail worms began Oct. 31, with six variants popping up in three days. He predicted new versions will continue to appear.

The most recent variant masquerades as an e-mail notification that an account with PayPal of Mountain View, Calif., is expiring. It instructs users to update account settings and personal information and forwards the data to e-mail addresses in Russia or the Czech Republic.

Systems administrators can filter out the attachments 'paypal.asp.scr' and ''

About the Author

William Jackson is a Maryland-based freelance writer.

inside gcn

  • open doors to cloud (Sergey Nivens/

    New vendors join FedRAMP Connect

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group