The Trojan horse is disguised as a message from the payment system PayPal, where the sender address is falsified as "firstname.lastname@example.org", and the subject appears as "PAYPAL.COM NEW YEAR OFFER".
If the attachment, paypal.exe, is opened, the Trojan connects to a remote server, downloads Mimail.p and installs it onto the computer.
The worm differs from previous versions because it is compressed using UPX, which makes it more difficult for anti-virus programs to detect it. It is also extracts confidential information and sends it to anonymous addresses belonging to the worm's author.
Mimail was created in Russia and first appeared on the internet at the beginning of August 2003.