Online Security, a global provider of computer forensics and information technology risk mitigation since 1997

 

Original Source:    http://pakistantimes.net/2003/11/21/top10.htm

New computer virus spreads among PC users
A computer virus that camouflages itself as a message from PayPal has started spreading among home users, reports BBC.


The programme is a variant of the Mimail virus, which had previously spread by appearing to be a security advisory from Microsoft.

The latest version is attached to an e-mail forged to look as though it came from PayPal, an online payment service bought by eBay in 2002.

Running the programme infects the victim's computer and asks the PC user for credit card information, which the virus then sends to the attacker. "It is a new trend among virus authors to get deeper into criminal acts and attempt to generate revenue," Craig Schmugar, virus research engineer for security company Network Associates, was quoted by CNET as saying.

When a person opens the e-mail attachment, a window appears bearing the PayPal logo and asking for credit card information. The virus stores any information provided by the victim in a file called "ppinfo.sys" and the file is sent to four e-mail addresses stored in the programme.

Antivirus companies are in the process of blocking access to the e-mail boxes.

The virus also searches through the Internet browser files cached on a victim's computer and grabs e-mail addresses from the sources found there. It then sends itself as an attachment to the original e-mail to every address found.

I-Worm/Mimail.J

I-Worm/Mimail.J is a virus that sends itself via e-mail with the following text:

Dear PayPal member,

We regret to inform you that your account is about to be expired in next five business days. To avoid suspension of your account you have to reactivate it by providing us with your personal information.

To update your personal profile and continue using PayPal services you have to run the attached application to this email. Just run it and follow the instructions.

IMPORTANT! If you ignore this alert, your account will be suspended in next five business days and you will not be able to use PayPal anymore.

Thank you for using PayPal.

The virus uses the file www.paypal.com.pif as an attachment.

When run, the virus shows a form requesting credit card information and personal information. This information is sent to a few e-mail addresses.

I-Worm/Mimail.I

I-Worm/Mimail.I is a virus that sends itself via e-mail with the following text:

Dear PayPal member,

PayPal would like to inform you about some important information regarding your PayPal account. This account, which is associated with the email address



will be expiring within five business days. We apologize for any inconvenience that this may cause, but this is occurring because all of our customers are required to update their account settings with their personal information.

We are taking these actions because we are implementing a new security policy on our website to insure everyone's absolute privacy. To avoid any interruption in PayPal services then you will need to run the application that we have sent with this email (see attachment) and follow the instructions. Please do not send your personal information through email, as it will not be as secure.

IMPORTANT! If you do not update your information with our secure application within the next five business days then we will be forced to deactivate your account and you will not be able to use your PayPal account any longer. It is strongly recommended that you take a few minutes out of your busy day and complete this now.

DO NOT REPLY TO THIS MESSAGE VIA EMAIL! This mail is sent by an automated message system and the reply will not be received.

Thank you for using PayPal.
---
Best regards, Administrator

The virus uses the file www.paypal.com.scr as an attachment.

When run, the virus shows a form requesting credit card information. This information is sent to a few e-mail addresses.
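
The two attachment names given above, www.paypal.com.pif and www.paypal.com.scr, pair a stem that reads like a web address with an extension that Windows executes. The following Python mail-filter check for such names is an added example, not part of the original article; the extensions beyond .pif and .scr, the host-name heuristic, the function names and the sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.message import EmailMessage

# Extensions Windows runs directly; .pif and .scr are the two named on this page,
# the rest of the list is an assumption added for the example.
EXECUTABLE_EXTS = {".pif", ".scr", ".exe", ".com", ".bat", ".cmd"}
# Stem that reads like a host name, e.g. "www.paypal.com" (heuristic, an assumption).
HOSTNAME_STEM = re.compile(r"^(?:[a-z0-9-]+\.)+[a-z]{2,}$", re.I)


def classify_attachment(filename):
    """Return 'masquerade', 'executable' or 'ok' for one attachment name."""
    name = filename.strip().rstrip(". ")  # Windows ignores trailing dots and spaces
    stem, dot, ext = name.rpartition(".")
    if not dot or "." + ext.lower() not in EXECUTABLE_EXTS:
        return "ok"
    # Executable extension hidden behind a name that looks like a web address.
    return "masquerade" if HOSTNAME_STEM.match(stem) else "executable"


def scan_message(raw):
    """Return [(filename, verdict)] for every named part of a raw message."""
    results = []
    for part in message_from_string(raw).walk():
        fname = part.get_filename()
        if fname:
            results.append((fname, classify_attachment(fname)))
    return results


def build_sample(filename):
    """Constructed sample message; the attachment is harmless placeholder bytes."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "user@example.com"
    m["Subject"] = "constructed sample"
    m.set_content("Dear PayPal member, ...")
    m.add_attachment(b"placeholder", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_string()


if __name__ == "__main__":
    for name in ("www.paypal.com.pif", "www.paypal.com.scr", "invoice.pdf"):
        print(scan_message(build_sample(name)))
```

A gateway would quarantine on either non-"ok" verdict; the separate "masquerade" verdict is useful for alerting, since a legitimate sender has no reason to name a program after a web address.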