Security experts are warning e-mail users about a virus which tries to fool people into giving away bank details.
There has been a spate of such scams recently
Mimail.J targets customers of web payment system PayPal, and is the latest "phishing" scam, which tries to dupe users of financial services.
The worm travels as an attachment to a convincing e-mail, but once opened copies itself to other addresses.
Experts warn that the Windows virus is set to spread more rapidly and say users should ignore and delete it.
The e-mail pretending to be from PayPal has the subject line "important" and the attachments carrying the worm are called InfoUpdate.exe or www.paypal.com.pif.
The message content warns the receiver their account is about to expire and urges them to update their credit card details.
It also asks for other important details such as mother's maiden name and social security number that many sites use as an additional security check.
Any criminal getting hold of these details could also use them to steal identities.
Once opened, the worm launches a fake PayPal verification window which, once filled out, sends the card details to a remote server.
The spoof e-mail is the latest example of a malicious virus that tries to con people out of money, rather than just cause annoyance and inconvenience.
Users of Microsoft Windows 95,98, 2000, NT, Me and XP are vulnerable to the malicious program.
"This suggests that the mindset of the virus author is changing," says Mark Sunner, chief technical officer at net security firm MessageLabs.
Subject: Important (followed by blank spaces and random characters)
Attachment: www.paypal.com.pif or infoupdate.exe
Size: 13,856 bytes
"We are now seeing a new breed of cyber-criminal intent on using viruses as a means of lining their own pockets."
He says the virus writers are taking a "hit-and-run" approach, intending their wares to be short-lived.
"They rely on duping a crop of unsuspecting users before a new variant is released and the process begins again," he says.
The worm was first spotted on Monday and is thought to have originated from France.
But analysts say the majority of e-mails sent have come from the USA and it is spreading quickly.