Dear Cautious MEDLIB-L Subscribers, Another nasty worm has been set loose, the PayPal, or W 32. M i m a i l.J @ m m [spaces added to prevent auto-deletion of this message by antivirus software]. It arrives in your email, and pretends to be from PayPal and attempts to steal your credit card information. This one can have a double-whammy. There can be a pif attachment, that if opened, will mine your computer for personal information and send it to some Evil People. There is also a link that when clicked on, will bring you to a fake PayPal website, where it asks you to fill out an online form and provide your credit card information. The fake message claims that a PayPal account is going to expire unless the user runs the attached application and provides credit card information. Using its own SMTP engine, the worm then attempts to email this stolen information to four email addresses contained in the worm. The worm spreads by sending itself to email addresses collected from your computer. For more information, visit the website of your favorite anti-virus software. The information below is from Symantec (Norton): http:[log in to unmask] W3 2. M i m a i l.J @ m m Discovered on: November 17, 2003 Last Updated on: November 18, 2003 02:18:19 PM Due to an increased rate of submissions, Symantec Security Response has upgraded this threat to a Category 3 rating. W 32. M i m a i l.J @ m m is a mass-mailing worm that attempts to steal personal information. This worm displays a series of forms that ask users to enter their credit card information. (See the "Technical Details" for illustrations.) This information is saved and later emailed to several predetermined email addresses. This worm is similar to W 3 2.M i m a il.I @m m. The email has the following characteristics: From: [log in to unmask] Subject: IMPORTANT <random string of characters> Attachment: InfoUpdate.exe -or- www.paypal.com.pif Symantec Security Response has developed a removal tool to clean the infections of W 32. M i m a i l.J @ m m . Also Known As: W 3 2/Mi m ail.j@M M [McAfee], W O RM_MIMAIL.J [Trend], W in3 2.M im ai l.J [Computer Associates], W 3 2/Mim a il-J [Sophos], I-Worm.M im ail.j [Kaspersky] Variants: W 3 2.Mi m ail.I@m m Type: Worm Infection Length: 13,856 bytes Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP Systems Not Affected: DOS, Linux, Macintosh, OS/2, UNIX, Windows 3.x See Virus Definitions November 17, 2003 ------------------------------------------------- ------------------------------------------------- Remember, the best defense against virus infection is to update your virus definitions every day, and NEVER, EVER open an attachment, unless you are certain of the contents... Vigilantly, Valerie Coordinator, MEDLIB-L Valerie G. Rankow, MLS Professional Information Services Research, Writing & Consultation [log in to unmask] What do you want to know? Just ask... ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ "Never trust anything that thinks for itself, if you can't see where it keeps its brain." -J.K. Rowling.