Mimail takes on a new disguise

By

The Mimail worm is circulating the internet under a new guise.

The Trojan horse is disguised as a message from the payment system PayPal, where the sender address is falsified as "do_not_reply@paypal.com", and the subject appears as "PAYPAL.COM NEW YEAR OFFER".


If the attachment, paypal.exe, is opened, the Trojan connects to a remote server, downloads Mimail.p and installs it onto the computer.

The worm differs from previous versions because it is compressed using UPX, which makes it more difficult for anti-virus programs to detect it. It is also extracts confidential information and sends it to anonymous addresses belonging to the worm's author.

Mimail was created in Russia and first appeared on the internet at the beginning of August 2003.

www.kaspersky.com

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition
Tags:

Most Read Articles

India's alarm over Chinese spying rocks CCTV makers

India's alarm over Chinese spying rocks CCTV makers

Woolworths' CSO is Optus-bound

Woolworths' CSO is Optus-bound

Hackers abuse modified Salesforce app to steal data, extort companies

Hackers abuse modified Salesforce app to steal data, extort companies

Cyber companies hope to untangle weird hacker codenames

Cyber companies hope to untangle weird hacker codenames

Log In

  |  Forgot your password?