November 14, 2003
A new variant of the MiMail worm is spreading around the world. It tries to trick consumers out of their credit card details by purporting to be from PayPal, the online payment service now owned by eBay.
Consumers receive an email with the headline 'YOUR PAYPAL.COM ACCOUNT EXPIRES' and claiming that the company is implementing a new security policy.
The email is especially sneaky in that it correctly advises people not to send out credit card details by email. But when the attachment in the email (www.paypal.com.scr) is opened the software displays a PayPal-branded window requesting all credit card information, tricking consumers into thinking they are on the PayPal Website.
The worm then mails itself out to all email addresses on the infected hard drive.
The original MiMail A was first detected in August and was originally used to harvest email addresses for spammers.
