PDA

View Full Version : Go go gadget virus



Rhiamon Fatesealer
January 15th, 2004, 08:07 PM
Just got this email today in my Yahoo account. The email claims to come from Paypal, email address donotreply@paypal.com. Here's the text of the email I got



Dear PayPal member,

PayPal would like to inform you about some important information
regarding your PayPal account. This account, which is associated with the
email address

rhiamontierney@yahoo.com

will be expiring within five business days. We apologize for any
inconvenience that this may cause, but this is occurring because all of our
customers are required to update their account settings with their
personal information.

We are taking these actions because we are implementing a new security
policy on our website to insure everyone's absolute privacy. To avoid
any interruption in PayPal services then you will need to run the
application that we have sent with this email (see attachment) and follow the
instructions. Please do not send your personal information through
email, as it will not be as secure.

IMPORTANT! If you do not update your information with our secure
application within the next five business days then we will be forced to
deactivate your account and you will not be able to use your PayPal account
any longer. It is strongly recommended that you take a few minutes out
of your busy day and complete this now.

DO NOT REPLY TO THIS MESSAGE VIA EMAIL! This mail is sent by an
automated message system and the reply will not be received.

Thank you for using PayPal.

Virus scan through Yahoo found that the attachment had a virus, MiMail.I. Here's the info I found on it at F-Secure (http://www.f-secure.com/v-descs/mimail_i.shtml).


Mimail.I is an email worm which disguises itself as an email from Paypal on-line payment service and tries to steal credit card information. It arrives with the subject YOUR PAYPAL.COM ACCOUNT EXPIRES and attachment called www.paypal.com.scr

F-Secure has received reports of emails containing the Mimail.I worm with the attachment name: 'paypal.asp.scr'. Since the worm sends emails with the attachment name 'www.paypal.com.scr' it is likely that those messages were hand-crafted.

Anyways, just a heads up.

togashi
January 15th, 2004, 10:48 PM
Thanks Rhia...I'll have to update my virus definitions tonight.

Catila Amano
January 16th, 2004, 12:55 PM
Strange thing is, the real PayPal just sent out a policy update message, so the timing of this virus is interesting.

Rhiamon Fatesealer
January 16th, 2004, 02:26 PM
Are you sure? My *real* PayPal email address hasn't received anything from them. Not recently, anyways.

Dubheasa
January 16th, 2004, 07:58 PM
I actually got that email a few months ago, it's been circulating for some time now. I never trust an email asking me for my credit card information. I went to the real Pay Pal site and logged it, saw nothing about updates, and ignored the email.

Catila Amano
January 19th, 2004, 10:11 AM
I have my PayPal account set to send me notifications of policy updates (one of the check boxes on the Profile tab when you're logged into the PayPal site), so you may not have that set on your account, which would explain why you don't get them. If you don't have that turned off, then I don't know why you don't get them.

But the policy update email I got was legitimate, and didn't ask for any kind of credit card information. It just covered things like "PayPal Buyer Protection for ebay.co.uk and ebay.ca," "Personal Account Receiving Limits," "Bank Account Withdrawal for Korea and Taiwan," and "U.S. Bank Accounts for EU Users," along with several User Agreement Updates and a Privacy Policy Update. It was pretty mundane stuff.

Naelaen
January 19th, 2004, 10:14 AM
Best idea is to get virus checking software which automatically checks for viruses.

Norton, AVG and F-Secure are just three examples. (Haven't personally tried F-Secure, but my Uni uses it :))