ALERT: Virus Scam Alert!!

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View

New Virus Appears as PayPal Scam
Mon Nov 17,12:00 PM ET
Lincoln Spector, special to

If you get an e-mail message warning you that your PayPal account is about
to expire, don't open it. If you open it, don't double-click the attachment.
If you double-click the attachment, don't complete the form asking for your
credit card information. And if you do fill in the form, call your credit
card company immediately.

And don't blame PayPal. The problem is an e-mail virus, Mimail.I, first
spotted on November 13. Most viruses are sick jokes; this one's out to steal
your money.

How It Works

Mimail (pronounced "my mail") arrives in an e-mail that appears to be from
PayPal. In very convincing language, it states that your account will expire
soon unless you resubmit your credit card information. "We apologize for any
inconvenience that this may cause," the text politely reads.

The letter even appears concerned about your privacy: "Please do not send
your personal information through e-mail, as it will not be as secure."
Instead, it asks that you run the attached program. That's where you enter
your valuable information, which it then sends to four different e-mail

It also scours your hard drive for new e-mail addresses to send the same
bogus message. These messages, like the one you got, are "spoofed" to appear
as if they came from PayPal.

"It appears to be another step in the advancement of spam," says David E.
Sorkin, an associate professor with the Center for Information Technology
and Privacy Law, at John Marshall Law School. "A few months ago there was
talk about spammers using viruses to send spam. Now they're using them for

Bryson Gordon, senior product manager for McAfee's Security Consumer
Division, finds this "far more sophisticated in social engineering [than
previous worms]... We're starting to see marked change in the battle with
viruses: a worm for profit."

Slow-Moving Pest

Luckily Mimail hasn't spread very far--at least not yet. "It's not a major
event. We're seeing less than a hundred infections overall," says Vincent
Weafer, a senior director at antivirus vendor Symantec Security Response.

As Weafer notes, that can change. "103259 Klez sat around for about a week
and then shot up," he says. But he doubts this one will spread like Klez.
Mimail is a "relatively easy one to explain. You can say 'If you see this,
delete it.'"

But justice is not likely to be served. According to Weafer, the culprits
will get caught "Only if they're stupid." The logical trail to follow, of
course, is the four e-mail addresses embedded in the code, but it's possible
to set up anonymous e-mail accounts without identifying yourself, or set up
an account with a stolen credit card.

What to Do

One thing is for certain: We'll see this sort of trick again, so it pays to
take precautions.

Be suspicious of any e-mail that asks for personal information, security
experts advise.

PayPal promises it "will never ask for your password or account information
in an e-mail," and most other companies on the Internet do likewise. If an
e-mail message contains a link to a form, examine the URL closely--it could
be just one letter away from the correct domain name.

Report suspicious e-mail to the company that is allegedly its source. PayPal
has an e-mail address,, for just this purpose.

And, of course, keep your antivirus applications and definitions up to date.
Users of Symantec's Norton AntiVirus products, as well as security programs
from BitDefender and Network Associates, were able to download the
appropriate protection by last Friday morning. In addition, both BitDefender
and Network Associates offer free Mimail fixes on their Web sites.

Re: ALERT: Virus Scam Alert!!


I received one today.
Our server removed the virus as below

Network Associates WebShield SMTP V4.5 MR1a on mailscanner102 detected virus
W32/Mimail.i@MM in attachment from


Re: ALERT: Virus Scam Alert!!

I've been getting these almost faithfully from Paypal and eBay ... at least
one per week. I immediately report them and they get squashed right away ...

Immediately after I report them I generally go fill in the form with info
name: F*#(
paypal account:
password: loser
CC#: (put their IP address here)
expiration Date: 25 years to life ....

Least we can do is fill up their databases full of useless crap. Someone
will be reading them.

SPAM them right back !

Quoted text here. Click to load it

Re: ALERT: Virus Scam Alert!!

David wrote:
Quoted text here. Click to load it

Good, I'm not the only one doing it then... ;)

Justin Koivisto -
PHP POSTERS: Please use comp.lang.php for PHP related questions,
              alt.php* groups are not recommended.

Site Timeline