Latest Mimail Worm Dupes Users Into Disclosing Credit Card Details
Posted on 14.11.2003
Sophos, a world-leader in anti-virus and anti-spam protection for businesses, is warning of a new variant of the Mimail worm, which is spreading in the wild, with reports received in the UK, South Africa, Australia and New Zealand.

The new worm, named W32/Mimail-I, arrives in an email with a subject line of "YOUR PAYPAL.COM ACCOUNT EXPIRES", and asks recipients to provide detailed information about their credit cards, claiming that PayPal "are implementing a new security policy."

The email correctly advises not to send this personal information through email as it could be insecure. Instead, it instructs credit card holders to run the attached program.

If the user double-clicks on the attached file, "www.paypal.com.scr", a dialog box pops up requesting the user to enter a range of information about their credit card. This includes full credit card number, PIN, expiry date, and even the CVV code - the three-digit personal security code printed on the back of cards. The dialog box includes a PayPal logo in a further attempt to appear legitimate.

"Mimail-I tries to harvest bank card data and then sends it out to the bad guys in an email. It even includes a realistic-looking checkbox which users are expected to tick in order to confirm that the details they have entered are correct," said Graham Cluley, senior technology consultant, Sophos. "But the email sent by Mimail-I could never be legitimate - banks and credit card companies never request information of this sort via email, which is simply not secure enough for transactions of this type."

As well as ripping off bank information, Mimail-I sends itself to everybody whose email addresses appears on the infected hard disk.

Sophos advises that Mimail-I can be easily prevented by using up-to-date anti-virus software, or blocking files with more than one extension at the email gateway.





Spotlight

The synergy of hackers and tools at the Black Hat Arsenal

Posted on 27 August 2014.  |  Tucked away from the glamour of the vendor booths and the large presentation rooms filled with rockstar sessions, was the Arsenal - a place where developers were able to present their security tools and grow their community.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Fri, Aug 29th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //