MEDLIB-L Archives

November 2003, Week 3


From: Valerie Rankow <[log in to unmask]>
Reply To: Valerie Rankow <[log in to unmask]>
Date: Wed, 19 Nov 2003 11:57:14 -0500
Content-Type: text/plain (83 lines)

Dear Cautious MEDLIB-L Subscribers,

Another nasty worm has been set loose, the PayPal, or W 32. M i m a i l.J @
m m  [spaces added to prevent auto-deletion of this message by antivirus

It arrives in your email, and pretends to be from PayPal and attempts to
steal your credit card information. This one can have a double-whammy. There
can be a pif attachment, that if opened, will mine your computer for
personal information and send it to some Evil People. There is also a link
that when clicked on, will bring you to a fake PayPal website, where it asks
you to fill out an online form and provide your credit card information.

The fake message claims that a PayPal account is going to expire unless the
user runs the attached application and provides credit card information.
Using its own SMTP engine, the worm then attempts to email this stolen
information to four email addresses contained in the worm. The worm spreads
by sending itself to email addresses collected from your computer.

For more information, visit the website of your favorite anti-virus
software. The information below is from Symantec (Norton):
http:[log in to unmask]

W3 2. M i m a i l.J @ m m
Discovered on: November 17, 2003
Last Updated on: November 18, 2003 02:18:19 PM

Due to an increased rate of submissions, Symantec Security Response has
upgraded this threat to a Category 3 rating.

W 32. M i m a i l.J @ m m  is a mass-mailing worm that attempts to steal
personal information. This worm displays a series of forms that ask users to
enter their credit card information. (See the "Technical Details" for
illustrations.) This information is saved and later emailed to several
predetermined email addresses.

This worm is similar to W 3 2.M i m a il.I @m m.

The email has the following characteristics:

From: [log in to unmask]
Subject: IMPORTANT  <random string of characters>
Attachment: InfoUpdate.exe -or-

Symantec Security Response has developed a removal tool to clean the
infections of W 32. M i m a i l.J @ m m .

Also Known As:  W 3 2/Mi m ail.j@M M [McAfee], W O RM_MIMAIL.J [Trend], W
in3 2.M im ai l.J [Computer Associates], W 3 2/Mim a il-J [Sophos], I-Worm.M
im ail.j [Kaspersky]
Variants:  W 3 2.Mi m ail.I@m m
Type:  Worm
Infection Length:  13,856 bytes

Systems Affected:  Windows 2000, Windows 95, Windows 98, Windows Me, Windows
NT, Windows XP
Systems Not Affected:  DOS, Linux, Macintosh, OS/2, UNIX, Windows 3.x

See Virus Definitions November 17, 2003

Remember, the best defense against virus infection is to update your virus
definitions every day, and NEVER, EVER open an attachment, unless you are
certain of the contents...

Coordinator, MEDLIB-L

Valerie G. Rankow, MLS
Professional Information Services
Research, Writing & Consultation
[log in to unmask]
What do you want to know? Just ask...
"Never trust anything that thinks for itself,
if you can't see where it keeps its brain."
-J.K. Rowling.
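
Added example (not part of the original message or of the Symantec write-up it quotes): a mail-filter check for the characteristics the alert lists, the "IMPORTANT <random string>" subject and an executable .exe or .pif attachment, run over constructed messages. The extra extensions beyond .exe and .pif, the function names and the example.com addresses are assumptions.

```python
import os
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions Windows runs on double-click. The alert names .exe and .pif;
# .scr, .com, .bat and .cmd are added here as an assumption.
RISKY_EXT = {".exe", ".pif", ".scr", ".com", ".bat", ".cmd"}
# Subject shape from the alert: "IMPORTANT" followed by one random string.
# On its own this is a weak signal; the attachment check is the strong one.
SUBJECT_RE = re.compile(r"^\s*IMPORTANT\s+\S+\s*$")


def risky_attachment(filename):
    """True if the final extension is executable (case, trailing dots/spaces ignored)."""
    name = filename.strip().rstrip(". ").lower()
    return os.path.splitext(name)[1] in RISKY_EXT


def assess(raw_bytes):
    """Return the reasons to quarantine a raw message (empty list = none found)."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    reasons = []
    if SUBJECT_RE.match(str(msg.get("Subject", ""))):
        reasons.append("subject matches 'IMPORTANT <random string>'")
    for part in msg.walk():
        name = part.get_filename()
        if name and risky_attachment(name):
            reasons.append("executable attachment: " + name.strip())
    return reasons


def sample(subject, filename, payload=b"not a real program"):
    """Build a constructed test message; addresses use reserved example domains."""
    m = EmailMessage()
    m["From"] = "Billing <billing@example.com>"
    m["To"] = "reader@example.org"
    m["Subject"] = subject
    m.set_content("Your account is going to expire. Run the attached application.")
    m.add_attachment(payload, maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()


if __name__ == "__main__":
    for subj, fname in [("IMPORTANT qzkxwvbt", "InfoUpdate.exe"),
                        ("Minutes of Tuesday meeting", "minutes.pdf"),
                        ("Statement", "statement.doc.pif")]:
        print(subj, "->", assess(sample(subj, fname)) or "no indicators")
```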