Security Update
Mimail.J arrives as an attachment to an email, named either InfoUpdate.exe or www.paypal.com.pif.

The sender's email address is forged, and therefore does not indicate the true identity of the sender.

The worm spreads by emailing copies of itself to email addresses harvested from the infected computer.

When launched, the worm displays a bogus PayPal credit card verification window. The information entered into this window is then saved in a file named ppinfo.sys, which is subsequently sent to a remote server.
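The two attachment names above are the simplest indicator a mail gateway can act on, and the worm also relies on executable attachment types (.exe, .pif) that most organisations have no reason to deliver. The following Python snippet is an added example for this advisory, not code from Dnet Systems: it builds a constructed sample message that mirrors the description (forged sender, a .pif attachment) and scans it with the standard library's email parser, flagging both the known Mimail.J filenames and any executable attachment type. The placeholder domains and the list of blocked extensions are assumptions.

```python
import email
from email import policy
from email.message import EmailMessage

# Attachment names the advisory associates with Mimail.J (from the advisory text).
MIMAIL_J_ATTACHMENTS = {"infoupdate.exe", "www.paypal.com.pif"}

# Executable attachment types a gateway should hold for review (assumed policy).
BLOCKED_EXTENSIONS = {".exe", ".pif", ".scr", ".com", ".bat"}


def build_sample_message() -> bytes:
    """Constructed sample resembling the advisory's description; not a real capture."""
    msg = EmailMessage()
    msg["From"] = "service@paypal.example"      # forged sender, placeholder domain
    msg["To"] = "user@corp.example"             # placeholder recipient
    msg["Subject"] = "PayPal account verification"
    msg.set_content("Please open the attached update to verify your account.")
    # A few bytes with a DOS/PE-style header; the content is irrelevant to the check.
    msg.add_attachment(b"MZ\x90\x00" + b"\x00" * 16,
                       maintype="application", subtype="octet-stream",
                       filename="www.paypal.com.pif")
    return msg.as_bytes()


def scan_message(raw: bytes) -> dict:
    """Return findings for one raw RFC 5322 message and whether to quarantine it."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        lower = name.lower()
        if lower in MIMAIL_J_ATTACHMENTS:
            findings.append(f"known Mimail.J attachment name: {name}")
        ext = "." + lower.rsplit(".", 1)[-1] if "." in lower else ""
        if ext in BLOCKED_EXTENSIONS:
            findings.append(f"executable attachment type {ext}: {name}")
    return {"subject": msg["Subject"], "findings": findings,
            "quarantine": bool(findings)}


if __name__ == "__main__":
    result = scan_message(build_sample_message())
    for finding in result["findings"]:
        print("flagged:", finding)
    print("quarantine:", result["quarantine"])
```

The filename check catches this particular variant; the extension check is what keeps the rule useful when the next variant renames its attachment.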

The worm constructs email messages using its own SMTP engine. As with previous variants, the mailing routine looks up the mail server for the domain of each target (harvested) address and sends the message directly through that SMTP server.
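Because the worm runs its own SMTP engine and delivers straight to each recipient domain's mail server, an infected workstation shows up in network logs as a client opening port 25 connections to many external hosts, which an ordinary desktop that sends mail through the corporate relay never does. The following Python snippet is an added example, not Dnet Systems' code: it parses a constructed connection log of the form "time src dst dport" and reports internal hosts that contact several distinct external mail servers on port 25. The relay address, the internal network range and the threshold are assumptions for the example.

```python
import ipaddress
from collections import defaultdict

# Constructed connection-log sample ("time src dst dport"); not real log data.
# 10.0.5.23 behaves like a host with its own SMTP engine; 10.0.5.40 is normal.
SAMPLE_LOG = """\
2003-11-18T09:40:01 10.0.5.23 10.0.0.25 25
2003-11-18T09:40:02 10.0.5.23 192.0.2.10 25
2003-11-18T09:40:03 10.0.5.23 198.51.100.7 25
2003-11-18T09:40:04 10.0.5.23 203.0.113.44 25
2003-11-18T09:40:05 10.0.5.23 192.0.2.77 25
2003-11-18T09:40:06 10.0.5.40 10.0.0.25 25
2003-11-18T09:40:07 10.0.5.40 203.0.113.9 443
2003-11-18T09:40:08 10.0.5.23 192.0.2.10 80
"""

INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")     # assumed internal range
MAIL_RELAY = ipaddress.ip_address("10.0.0.25")        # assumed corporate relay
THRESHOLD = 3   # distinct external SMTP peers before a host is reported


def parse_log(text):
    """Yield (timestamp, src, dst, dport) tuples from the whitespace-separated log."""
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, dport = line.split()
        yield ts, ipaddress.ip_address(src), ipaddress.ip_address(dst), int(dport)


def find_direct_to_mx_senders(text, relay=MAIL_RELAY, threshold=THRESHOLD):
    """Map each internal host to the external port-25 peers it contacted,
    keeping only hosts at or above the threshold."""
    peers = defaultdict(set)
    for _ts, src, dst, dport in parse_log(text):
        # Only outbound SMTP to hosts outside the internal range counts;
        # traffic to the sanctioned relay is expected.
        if dport != 25 or dst == relay or dst in INTERNAL_NET:
            continue
        peers[src].add(dst)
    return {str(src): sorted(str(d) for d in dsts)
            for src, dsts in peers.items() if len(dsts) >= threshold}


if __name__ == "__main__":
    for host, targets in find_direct_to_mx_senders(SAMPLE_LOG).items():
        print(f"{host}: {len(targets)} external SMTP peers -> {', '.join(targets)}")
```

The internal range is checked explicitly rather than with the library's `is_private` flag, because that flag also covers the documentation address blocks used in the sample and would silently hide them. In a real deployment the same logic is usually enforced as a firewall rule that permits outbound port 25 only from the relay; the detection then reduces to alerting on any denied outbound SMTP attempt.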

The new variant of W32/Mimail.gen@MM attempts to steal credit card information. The user's information is stored in a file named ppinfo.sys, which is sent to four email addresses hard-coded in the worm.

For more information visit the links below:

Message Labs

Brock University


Dnet Systems have not experienced any instances of this worm as of 9:45, Tuesday, Nov. 18. However, if you receive any email requesting credit card information do not respond or reply to the email.


Thank you again for choosing Dnet!