paypal

BobT

Hi
I received an interesting email from paypal.com today. It said my
account was expiring and I had to update my personal information. I
was also surprised to find a virus attached to it. Somewhat self
defeating as my NAV got rid of it quickly. Certainly before some
foolish person might give away their billing etc info.

Just thought I would alert people.
BobT
 
I have received at least 4 such phishing emails lately... If you poke around
paypal's site enough, you will find that you can send them to
accessviolation @ paypal.com and they will be very interested in
following them...
 
This is a version of the Mimail worm that masquerades as email from PayPal but actually has
the nefarious objective of stealing your credit card information.

Please read the following URLs..

W32/Mimail.j@MM - http://vil.nai.com/vil/content/v_100825.htm

W32/Mimail.i@MM - http://vil.nai.com/vil/content/v_100822.htm

Dave



| Hi
| I received an interesting email from paypal.com today. It said my
| account was expiring and I had to update my personal information. I
| was also surprised to find a virus attached to it. Somewhat self
| defeating as my NAV got rid of it quickly. Certainly before some
| foolish person might give away their billing etc info.
|
| Just thought I would alert people.
| BobT
 
Kerry Liles said:
I have received at least 4 such phishing emails lately... If you poke around
paypal's site enough, you will find that you can send them to
accessviolation @ paypal.com and they will be very interested in
following them...

Please note there is a less than subtle difference between true "phishing"
expeditions and bogus Emails generated by and carrying copies of viruses.
As a rule I'd suggest that you not send virus-infected Emails, even if
they do look like "phishing" expeditions, to the "report scam" addresses
at such sites...
 
In my case, any virus payload was stripped already and did not affect me.
Besides, wouldn't you *expect* folks who deliberately solicit such email to
be ready for whatever is sent their way? I think paypal is fully able to
protect themselves.
 
On that special day, Nick FitzGerald, ([email protected]) said...
Please note there is a less than subtle difference between true "phishing"
expeditions and bogus Emails generated by and carrying copies of viruses.

Generally, yes. The problem starts when the definitions begin to
overlap, and contours blur. Worms that phish, greeting cards (adware)
that worm, trojans that act as proxies (migmaf), worms that import
trojans (Sobig line).

Malware is constantly evolving into a more effective (read: aggressive)
form, and "borrows" "features" formerly used only for/by other
categories of malware.

But still I don't see much use in sending Paypal the specific worms that
one has received. They've already been sent samples, probably by the
hundreds, by people not knowing that the transporting agent is a worm.
One more won't provide any really new insight, so please spare them.


Gabriele Neukam

(e-mail address removed)
 
In my recent experience I received 4 such solicitation emails from what
appears to be the same IP address. I sent copies to Paypal and to the ISP
which owns the IP address (a different cable internet provider than the one I
use). I do not agree with your statement "One more won't provide any really
new insight, so please spare them." If that was the case, wouldn't they
simply stop suggesting that customers take that action?
 
On that special day, Kerry Liles, ([email protected]) said...
I sent copies to Paypal and to the ISP
which owns the IP address (a different cable internet provider than the one I
use). I do not agree with your statement "One more won't provide any really
new insight, so please spare them." If that was the case, wouldn't they
simply stop suggesting that customers take that action?

Well, it is ok to send notification to the ISP from which the worm came,
but Paypal do(es?) already know that this specific worm is out. They
would have needed the first specimens, perhaps, for further analysis,
but not the umpteen thousandth. That was what I had tried to explain.
Only that.


Gabriele Neukam

(e-mail address removed)
 
Yes - good point. Perhaps it was overkill to send it to paypal. I wanted to
err on the conservative side. Thanks!
 