 |
 New Mimail virus infiltrates computer systems
January 20, 2004
A new virus has been found in the wild that manages to combine users' favorite bugbears - spam, phishing, PayPal scams and viruses - in one handy malware package.
The virus threats customers of eBay Inc.'s PayPal online payment service and highlights a growing trend in which online criminals combine computer viruses, spam distribution techniques, Trojan horse programs and "phishing" scams to bypass system's security boundaries and fool Internet users.
The virus was sent out in a bulk e-mailing two days ago with an accompanying message that claimed to be directly from the PayPal. The fraudulent e-mail claimed that PayPal would add 10 percent to the account value of any customer who filled out a form accessed by running the attachment, named Paypal.exe.
"Registration is simple," stated the message. "Just extract the attached archive with WinZip, run the application, and follow the instructions we have provided."
When run, the attached program downloads and runs a new version of the Mimail virus, Mimail-N, which started doing the rounds last week. The virus goes on to collect e-mail addresses from the user's address books and sends itself out every time the user starts Windows.
Trojan horse programs can't spread on their own, like e-mail or Internet worms, but they do provide a new way to infiltrate a computer on a network that utilizes antivirus protection at the e-mail gateway. If the antivirus product hasn't been updated to detect the new Trojan horse program, e-mail messages containing it can slip by those defenses and be opened by users, Theriault said.
According to the security analysts, the new worm will have the biggest impact on home Internet users who have not installed desktop antivirus or firewall products.
Even if users end up falling for the ruse, organizations that use firewalls and desktop antivirus products should be able to spot the Trojan horse program once it's installed on the desktop or prevent it from connecting to the outside server and retrieving a copy of the Mimail worm, said said Carole Theriault, security consultant at Sophos PLC in Abingdon, England.
The change in virus-writing strategy could be an attempt by writers to bypass unwitting users' virus protection, but antivirus firm Sophos has advised companies to block executable code that arrives via e-mail so that the virus is killed before it reaches users.
|
|
