VIRUS: Worm variant targets PayPal users


tMP Founder
Staff member
Some useful info for y'all...

By Iain Thomson [14-11-2003] Credit card harvester 'MiMail I' spreading worldwide

A new variant of the MiMail worm, MiMail I, is spreading around the world. The worm attempts to trick people out of their credit card details by purporting to be from online payment services company PayPal, which is owned by eBay.

An email with the headline 'YOUR PAYPAL.COM ACCOUNT EXPIRES' claims that the company is implementing a new security policy.

The email is especially sneaky in that it correctly advises people not to send out credit card details by email.

But when the attachment in the email ( is opened the software displays a PayPal-branded window requesting all credit card information.

The worm then mails itself out to all email addresses on the infected hard drive.

"It seems to be following the sun," said Graham Cluley, senior technology consultant at antivirus vendor Sophos.

"Australia, New Zealand and South Africa are all getting hits, and here in the UK of course.

"It's not very widespread at the moment; hopefully people are getting smarter about this worm. What we don't know, however, is how many people are falling for it."

MiMail A, the original worm, was first detected in the wild in August and was originally used to harvest email addresses for spammers.

Removal utilities and virus identity files are available from major antivirus companies


Cheers John
I got an email with that heading a few weeks back but as I don't use paypal anymore then I just ignored it!
Thanks for the warning

Product tMP members are discussing