Skip to main content
BBC NEWS / TECHNOLOGY
Graphics VersionBBC Sport Home
News Front Page | Africa | Americas | Asia-Pacific | Europe | Middle East | South Asia | UK | Business | Health | Science & Environment | Technology | Entertainment | Also in the news | Have Your Say |
Wednesday, 19 November, 2003, 08:45 GMT

Virus tries to con PayPal users

Computer keyboard Security experts are warning e-mail users about a virus which tries to fool people into giving away bank details.

Mimail.J targets customers of web payment system PayPal, and is the latest "phishing" scam, which tries to dupe users of financial services.

The worm travels as an attachment to a convincing e-mail, but once opened copies itself to other addresses.

Experts warn that the Windows virus is set to spread more rapidly and say users should ignore and delete it.

Fake page

The e-mail pretending to be from PayPal has the subject line "important" and the attachments carrying the worm are called InfoUpdate.exe or www.paypal.com.pif.

The message content warns the receiver their account is about to expire and urges them to update their credit card details.

It also asks for other important details such as mother's maiden name and social security number that many sites use as an additional security check.

Any criminal getting hold of these details could also use them to steal identities.

Once opened, the worm launches a fake PayPal verification window which, once filled out, sends the card details to a remote server.

The spoof e-mail is the latest example of a malicious virus that tries to con people out of money, rather than just cause annoyance and inconvenience.

Users of Microsoft Windows 95,98, 2000, NT, Me and XP are vulnerable to the malicious program.

MIMAIL.J DETAILS

  • From: Do_Not_Rely@paypal.com
  • Subject: Important (followed by blank spaces and random characters)
  • Attachment: www.paypal.com.pif or infoupdate.exe
  • Size: 13,856 bytes

    "This suggests that the mindset of the virus author is changing," says Mark Sunner, chief technical officer at net security firm MessageLabs.

    "We are now seeing a new breed of cyber-criminal intent on using viruses as a means of lining their own pockets."

    He says the virus writers are taking a "hit-and-run" approach, intending their wares to be short-lived.

    "They rely on duping a crop of unsuspecting users before a new variant is released and the process begins again," he says.

    The worm was first spotted on Monday and is thought to have originated from France.

    But analysts say the majority of e-mails sent have come from the USA and it is spreading quickly.


    E-mail this to a friend
    Related to this story:
    Users face malicious web attacks (08 Nov 03  |  Technology )
    A glimpse inside the virus writer (05 Nov 03  |  Technology )
    E-mail scam targets Nationwide (27 Oct 03  |  Business )
    New Windows virus hits computers (28 Oct 03  |  Technology )
    Devious virus attacks on the rise (02 Oct 03  |  Technology )
    E-mail scam targets online bank (26 Oct 03  |  Business )
    Scam targets NatWest customers (24 Oct 03  |  Business )
    Lloyds TSB e-mail scam alert (24 Sep 03  |  Business )
    Scam targets Barclays customers (13 Sep 03  |  Business )

    RELATED INTERNET LINKS:
    Sophos
    TruSecure
    F-Secure
    MessageLabs
    The BBC is not responsible for the content of external internet sites


    SEARCH BBC NEWS: 
    News Front Page | Africa | Americas | Asia-Pacific | Europe | Middle East | South Asia | UK | Business | Health | Science & Environment | Technology | Entertainment | Also in the news | Have Your Say |

    NewsWatch | Notes | Contact us | About BBC News | Profiles | History

    ^ Back to top | BBC Sport Home | BBC Homepage | Contact us | Help | ©