RE: WATPA: FW: PayPal Phishers Turn to E-mail Viruses

From: Vincent A. Munch <>
Date: Sat Nov 15 2003 - 23:32:51 EST

We discovered this at our worksite and I also reported the scam to PayPal.
Vincent A. Munch

"We are not afraid to entrust the American people with unpleasant facts,
foreign ideas, alien philosophies, and competing values. For a nation that
is afraid to let its people judge the truth and falsehood in an open market
is a nation that is afraid of its people." John F. Kennedy

 --- On Fri 11/14, Norm Jacknis < > wrote:
From: Norm Jacknis [mailto:]
Date: Fri, 14 Nov 2003 22:28:39 -0500
Subject: WATPA: FW: PayPal Phishers Turn to E-mail Viruses

I don't normally post warnings about viruses or scams; there are so many of
them. But this is a particularly insidious scam, very likely to fool the
average PayPal user.

I've appended one of many articles about the subject, this one from
InternetNews.

Norm
------------------

PayPal Phishers Turn to E-mail Viruses
By Ryan Naraine
November 14, 2003

The PayPal 'phishing' scourge is wearing a new mask.

Security experts on Friday warned that a new variant of the MiMail e-mail
virus is fast spreading through inboxes worldwide, trying to dupe PayPal
users into giving up credit card numbers and other sensitive information.

Internet scammers have been using the high-tech 'phishing' tactic to swipe
credit card numbers,
bank account information, Social Security numbers and user passwords but
it's the first time the technique has been integrated with an e-mail borne
virus, according to Sophos security analyst Chris Beltoff.

Beltoff told the detection of an e-mail worm programmed to
trick users into giving up sensitive PayPal account information is another
signal that Internet scammers are becoming more sophisticated and dangerous.

"It's the first time I've seen someone trying to steal personal information
by spreading an e-mail virus. It just shows that the spread of viruses and
spam have started to intermingle at a dangerous point. It shows that users
need a solution to deal with both problems at the same time," Beltoff said.

He said the latest 'phishing' virus is a variant of the MiMail worm
which first appeared in
August this year. When MiMail first appeared, the CERT Coordination Center
warned that it was programmed to bypass a known Microsoft vulnerability to
spread itself.

Sophos' Beltoff explained that MiMail was able to bypass certain gateway
protection systems because it arrived as a .ZIP attachment. "Because .ZIP
files are used for a lot of office activity, admins usually let attachments
bypass the gateway," he explained.

The variant that's being used to 'phish' for PayPal account information
comes with a subject line "YOUR PAYPAL.COM ACCOUNT EXPIRES" and loads a .SCR
attachment.

Ironically, the e-mail warns users not to send credit card information via
e-mail but, once the attachment is opened, a PayPal-branded dialog box
appears and attempts to collect a user's PayPal account information.

The dialog box requests the user to enter a range of information about their
credit card, including full credit card number, PIN, expiration date, and
even the CVV code -- the three-digit personal security code printed on the
back of cards.

The worm has also been programmed to search for e-mail addresses on an
infected system and mail itself to every address it finds.

According to Beltoff, the success of 'phishing' through the spread of
viruses highlights a lack of education among end-users. "It is surprising
that people would fall for these scams in this day and age. It just shows
there is a need for some serious education about what to do when these
e-mails arrive," he said.

"It is important to get people to understand that the warning signs must go
up for all attachments, regardless of where they're coming from...The
popularity of PayPal could lead to the fast dissemination of this worm. This
is a tricky worm that relies on the ignorance of PayPal users to harvest
bank card data with a realistic-looking form," Beltoff added.

Sophos has posted a removal tool to its Web site that will disinfect systems
from the MiMail variant.

Received on Sat Nov 15 23:32:55 2003

This archive was generated by hypermail 2.1.8 : Sun Nov 16 2003 - 12:55:02 EST