More MiMail Worms Spotted; More To Come

Welcome Guest. | Log In| Register | Membership Benefits

January 15, 2004 (10:46 AM EST)

Another campaign of MiMail worms has been spammed onto the Internet this week, say security analysts, leading them to conclude that these phishing-style worms -- which try to trick users into divulging financial information such as credit card account numbers -- will continue unabated during 2004.

MiMail.p, a worm that first appeared last week, was re-spammed by Russian attackers Wednesday, said officials at Kaspersky Labs, a Moscow-based security firm. Kaspersky, and others, including security intelligence firm iDefense, detected a mass mailing of a Trojan horse dubbed 'small.cz,' which in turn downloads the MiMail.p worm from a remote server and installs it on the compromised machine.

Attackers have taken to using wide-scale spamming of e-mail messages with malicious file attachments as a way to spread their creations quickly, hoping to infect large numbers of systems before anti-virus companies can react with updated definition files.

MiMail.p poses as a message from PayPal, and tries to convince recipients to give up personal information, including credit card and Social Security numbers. According to Kaspersky, the worm also tracks the activity of E-Gold and PayPal payment applications installed on the infected computer, then extracts confidential financial data, as well as usernames and passwords for e-mail and system access, and sends the harvested information to a number of anonymous addresses belonging to the worm's author.

"Money is the motive, resulting in new MiMail attacks on a regular basis," said Ken Dunham, malicious code director of iDefense in an e-mailed statement. "It's almost like clockwork now, with new MiMail variants expected every few days."

Most of the MiMail worms -- there have been a slew since August, 2003 -- can be traced back to Russian hackers, said both Kaspersky and iDefense.