Mimail steals credit card information – upgraded to Level 3 risk by Symantec

As with other computer threats, prevention is much simpler than the cure.

19 11 2003

The Mimail worm is a mass-mailing virus which arrives in an email attachment supposedly from PayPal. It can steal credit card information from your computer and spread to others with whom you communicate via email. It can bring computers to a complete halt.

Distribution of the Mimail worm is classified as ‘High’ by Symantec. It was discovered in January 2003 and many hundreds of systems have been infected. Symantec have now upgraded this worm to a Level 3 threat.

Mimail arrives in an attachment to a fake email purportedly from PayPal. The message states that your PayPal account is about to expire and instructs you to update your personal profile by running the attached program, otherwise your account will be suspended in five business days. (See full text of the email message below.)

Mimail is relatively easy to contain. There are tools available to remove it from infected computers but this is not always straightforward to do.

The sender is Do_Not_Reply@paypal.com

The attachment with this email is named InfoUpdate.exe or www.paypal.com.pif.

The full text of this email is shown below.

For more information about the Mimail threat and how to deal with it, visit the web site of your anti-virus software provider, such as Symantec (Norton branded products), Surf Control or McAfee.

Systems known to be under threat from Mimail –

Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP

Here is the full text of the email used by Mimail:

Problems with your PayPal account.

Dear PayPal member,

We regret to inform you that your account is about to be expired in next five business days. To avoid suspension of your account you have to reactivate it by providing us with your personal information.

To update your personal profile and continue using PayPal services you have to run the attached application to this email. Just run it and follow the instructions.

IMPORTANT! If you ignore this alert, your account will be suspended in next five business days and you will not be able to use PayPal anymore. Thank you for using PayPal.

[Note – There may be variants of this and other worms that arrive via emails.]

What is a 'worm'? –

Worms are a form of computer virus that multiply automatically across networks without human intervention. They can copy themselves using email and other means of distribution and may arrive in the form of a program apparently from a trusted source.

Worms do not infect other programs but they can contain malicious payloads that may, for example, delete all data on a hard disk. Often they become noticable only when they replicate and slow down normal functions of a computer or bring them to a complete halt.

MS Blaster (or Welchia) and Bugbear are examples of prolific worms that started attacking computers via email in mid 2003.