In the past day, around 25,000 users have been infected by Mimail.j, the latest mass-mailing worm designed to target customers of online payment service PayPal.
According to security company F-Secure, Mimail.j is almost identical to Mimail.i but seems to be spreading more quickly than its predecessor. The latest variant of Mimail appears to be sent from "Do_Not_Reply@paypal.com" and contains a string of random characters in the subject line. Attached to the e-mail is either a file called "InfoUpdate.exe" or "www.paypal.com.pif".
Mark Sunner, chief technology officer at e-mail security firm MessageLabs, said Tuesday that Mimail.j's sole purpose is to defraud unsuspecting users, which he believes indicates a change in the mindset of virus authors. "Once, disruption was motivation enough, but now we are seeing a new breed of cybercriminal that is intent on using viruses as a means of lining their own pockets. They rely on duping a crop of unsuspecting users before a new variant is released and the process begins again," he said.
"It is curious that two have come along in the space of three or four days, but Mimail.j is a recompiled version of Mimail.i, with minimal changes. Most of the changes seem to reflect different subject lines and different e-mail content text when users open it, but the method of operating is pretty identical," an F-Secure representative said.
The worm has been rated highly dangerous because of the risk it carries for PayPal users. "Someone has gone to a considerable amount of trouble to fashion PayPal look-alike screens and 'phish' for credit card details," the F-Secure representative said.
The recent spate of worm and virus attacks has led network giant Cisco Systems to collaborate with antivirus software vendors--including Network Associates, Symantec and Trend Micro--to create the Cisco Network Admission Control system, which is part of the company's strategy to help companies minimise the effect of viruses and worms.
Mark Bouchard, senior program director at the Meta Group, welcomed the Cisco announcement and commented that companies should make it a priority to ensure that insecure nodes within their network are adequately protected.
"Many organisations were successful at stopping recent worm attacks at their Internet boundaries, yet still fell victim to the exploits when mobile or guest users connected their infected PCs directly to internal local-area networks," Bouchard said. "Eliminating this type of threat will require a combination of strengthened policies and network admission control systems."
