OT-New virus disguised as PayPal e-mail CNET News.com
- Subject: OT-New virus disguised as PayPal e-mail CNET News.com
- From: "Roger Swalley" r*@colfax.com
- Date: Sat, 15 Nov 2003 09:27:11 -0800
- List-archive: <http://www.hort.net/lists/pumpkins/> (Web Archive)
New virus disguised as PayPal e-mail
Last modified: November 14, 2003, 12:05 PM PST
By Robert Lemos
Staff Writer, CNET News.com
A computer virus that camouflages itself as a message from PayPal has started
spreading among home users, antivirus companies said on Friday.
The program is a variant of the Mimail virus, which has previously spread by
appearing to be a security advisory from Microsoft. The latest version of the
program is attached to an e-mail forged to look as though it came from PayPal,
an online payment service bought by eBay last year. Running the program
infects the victim's computer and asks the PC user for credit card
information, which the virus then sends to the attacker.
"It is a new trend among virus authors to get deeper into criminal acts and
attempt to generate revenue," said Craig Schmugar, virus research engineer for
security company Network Associates.
Another virus, Sobig, is believed by many researchers to have been spread by a
group that sells a list of the machines the program compromises to spammers.
The latest variant of Mimail takes a more direct approach to illicitly
obtaining funds.
The virus appears as an attachment--"www.paypal.com.scr"--to an e-mail that
purports to be from PayPal.
"PayPal would like to inform you about some important information regarding
your PayPal account," the message reads. "This account, which is associated
with the email address will be expiring within five business days. We
apologize for any inconvenience that this may cause, but this is occurring
because all of our customers are required to update their account settings
with their personal information. We are taking these actions because we are
implementing a new security policy on our website to insure everyone's
absolute privacy."
When a person opens the e-mail attachment, a window appears bearing the PayPal
logo and asking for credit card information. The virus stores any information
provided by the victim in a file called "ppinfo.sys" and the file is sent to
four e-mail addresses stored in the program.
Antivirus companies are in the process of blocking access to the e-mail boxes.
The virus also searches through the Internet browser files cached on a
victim's computer and grabs e-mail addresses from the sources found there. It
will then send itself as an attachment to the original e-mail to every address
found.
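The lure described above combines two things a mail gateway can screen for: an attachment whose name is shaped like a web address but carries a Windows executable extension (`www.paypal.com.scr`), and a From header whose display name claims a brand that the address domain does not back up. The following is an added example of such a screen, not code from the article or from any vendor named in it; the brand-to-domain allowlist, the sample message, and the function names are constructed for illustration.

```python
"""Added example: screen an inbound message for a domain-shaped executable
attachment and a brand-mismatched sender, as in the Mimail PayPal lure.

Everything here is constructed for illustration (assumption): the allowlist,
the sample message, and the function names are not from any real gateway.
"""
import email
import email.utils
import re
from email import policy
from email.message import EmailMessage

# Extensions Windows runs on double-click. A .scr "screen saver" is an
# ordinary executable with a different extension.
EXECUTABLE_EXTENSIONS = {"exe", "scr", "pif", "com", "bat", "cmd", "vbs", "js"}

# A filename like "www.paypal.com.scr": host-style labels, a common TLD,
# then an extra trailing extension so the name reads as a web address.
DOMAIN_SHAPED = re.compile(r"^(?:www\.)?[a-z0-9.-]+\.(?:com|net|org)\.[a-z0-9]+$")

# Assumption: the gateway's own allowlist of brands and their sending domains.
BRAND_DOMAINS = {"paypal": {"paypal.com"}}


def classify_attachment(filename):
    """Return (decision, reason) for one attachment filename."""
    name = filename.strip().lower()
    ext = name.rsplit(".", 1)[-1] if "." in name else ""
    if ext not in EXECUTABLE_EXTENSIONS:
        return ("allow", "not an executable extension")
    if DOMAIN_SHAPED.match(name):
        return ("block", f"executable .{ext} named like a web address")
    return ("block", f"executable attachment (.{ext})")


def check_sender(from_header):
    """Return a reason string if the display name claims a brand the
    address domain does not belong to, else None. This only catches a
    mismatched display name; an outright spoofed address needs SPF/DKIM."""
    display, addr = email.utils.parseaddr(from_header)
    domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    for brand, domains in BRAND_DOMAINS.items():
        if brand in display.lower() and domain not in domains:
            return f"display name claims {brand!r} but address domain is {domain!r}"
    return None


def screen_message(raw):
    """Parse a raw RFC 822 message and report blocked attachments and any
    sender mismatch."""
    msg = email.message_from_string(raw, policy=policy.default)
    blocked = []
    for part in msg.iter_attachments():
        fname = part.get_filename() or ""
        decision, reason = classify_attachment(fname)
        if decision == "block":
            blocked.append((fname, reason))
    return {"attachments": blocked, "sender": check_sender(msg.get("From", ""))}


def build_sample_message():
    """Construct a sample lure message (constructed data, not a real capture)."""
    m = EmailMessage()
    m["From"] = '"PayPal Customer Service" <paypal@example.net>'
    m["To"] = "victim@example.org"
    m["Subject"] = "Your PayPal account will expire"
    m.set_content("Please update your account settings within five business days.")
    m.add_attachment(b"MZ\x90\x00",  # constructed stand-in for an executable
                     maintype="application", subtype="octet-stream",
                     filename="www.paypal.com.scr")
    return m.as_string()


SAMPLE_EML = build_sample_message()

if __name__ == "__main__":
    for fname, reason in screen_message(SAMPLE_EML)["attachments"]:
        print(f"BLOCK {fname}: {reason}")
    print("sender:", screen_message(SAMPLE_EML)["sender"])
```

The attachment test is deliberately name-based: it catches the lure shape regardless of the antivirus signature state, which matters in the window before definitions are updated. Pair it with content-type inspection (the sample's `MZ` prefix is the DOS header of a Windows executable) rather than relying on either check alone.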
Companies tend to respond to such virus threats very quickly, and many block
e-mail attachments as a matter of policy, so it's mainly home users that have
to worry, said Vincent Weafer, senior director for incident response at
security software company Symantec.
"We see a lot of corporate submissions in the very beginning and then it moves
almost exclusively to those from home users," he said.
The companies recommended that PC users update their virus definitions.
---------------------------------------------------------------------
Pumpkin-growing archives: http://www.hort.net/lists/pumpkins/
To sign-off this list, send email to majordomo@hort.net with the
message text UNSUBSCRIBE PUMPKINS