MiMail: yet another one
Print storyDownload variant
Posted in Anti-Virus, 15th January 2004 15:20 GMT
Free whitepaper – Avoiding 7 common mistakes of IT security compliance
The saga of Mimail and PayPal continues with a new variant doing the rounds today. This is an email purporting to come from PayPal with the subject header "PAYPAL.COM NEW YEAR OFFER". Attached is a file "paypal.exe".
Rather than containing the well-documented and well detected Mimail.P worm, the attachment actually contains a 2kb downloader which if run, promptly toddles off and downloads a copy of Mimail.P from a Russian web server.
This latest iteration of Mimail plus PayPal only affects MS Windows machines, and follows the infection routines and actions of older version.
The only critical difference is the download angle (instead of a worm attachment). Also the the subject line of the spoofed email has changed. Advice remains much the same as ever too, namely don't open dodgy looking attachments (especially those purporting to come from PayPal) and update your virus scanners. ®
Free whitepaper – Certify your software integrity with Thawte code signing certificates
The best practices guide for application security
Reducing messaging and web security costs with managed services
Avoiding 7 common mistakes of IT security compliance
Certify your software integrity with Thawte code signing certificates
The future of SaaS and IT infrastructure management
Feds: Hospital hacker's 'massive' DDoS averted
Buggy 'smart meters' open door to power-grid botnet
Microsoft knew of nasty IE bug a year before attacks
BlockMaster SafeStick hardware-encrypted USB drive