W32.Mimail.J@mm is yet another Mimail variant infecting systems!

Question

Symantec response has upgraded W32.Mimail.J@mm to a Category 3 threat from a Category 2 threat on 11-18-03.

Answer

This question was answered on November 21, 2003. Much of the information contained herein may have changed since posting.

W32.Mimail.J@mm is a level 3 worm found on 11-17-03! This worm has infected email users accross the Web and steals personal information from infected users. This worm displays a series of forms that ask users for credit card information. The information is then sent to several predetermined email addresses. It effects most Windows operating systems and has the following characteristics:

From: Do_Not_Reply@paypal.com

Subject: IMPORTANT <random string of characters>

Attachment: InfoUpdate.exe -or- www.paypal.com.pif

Message:

Dear PayPal member,

We regret to inform you that your account is about to be expired in next five business days. To avoid suspension of your account you have to reactivate it by providing us with your personal information.

To update your personal profile and continue using PayPal services you have to run the attached application to this email. Just run it and follow the instructions.

IMPORTANT! If you ignore this alert, your account will be suspended in next five business days and you will not be able to use PayPal anymore.

Thank you for using PayPal.

This is considered to be a wild worm with high distribution. Symantec advises all users to download the latest virus definitions immediately and deploy, as well us updating all Microsoft security patches.

Get complete instruction on protection and removal from Symantec at:

<a href= "http://www.sarc.com/avcenter/venc/data/w32.mimail.j@mm.html"> http://www.sarc.com/avcenter/venc/data/w32.mimail.j@mm.html</a>

Author

Posted by Michal of Data Doctors on November 21, 2003