[URL]http://story.news.yahoo.com/news?tmpl=story&cid=1093&ncid=1093&e=7&u=/pcworld/20031117/tc_pcworld/113478[/URL]\n\nNew Virus Appears as PayPal Scam\nMon Nov 17,12:00 PM ET\nLincoln Spector, special to PCWorld.com\n\nIf you get an e-mail message warning you that your PayPal account is about\nto expire, don't open it. If you open it, don't double-click the attachment.\nIf you double-click the attachment, don't complete the form asking for your\ncredit card information. And if you do fill in the form, call your credit\ncard company immediately.\n\n\nAnd don't blame PayPal. The problem is an e-mail virus, Mimail.I, first\nspotted on November 13. Most viruses are sick jokes; this one's out to steal\nyour money.\n\nHow It Works\n\nMimail (pronounced "my mail") arrives in an e-mail that appears to be from\nPayPal. In very convincing language, it states that your account will expire\nsoon unless you resubmit your credit card information. "We apologize for any\ninconvenience that this may cause," the text politely reads.\n\nThe letter even appears concerned about your privacy: "Please do not send\nyour personal information through e-mail, as it will not be as secure."\nInstead, it asks that you run the attached program. That's where you enter\nyour valuable information, which it then sends to four different e-mail\naddresses.\n\nIt also scours your hard drive for new e-mail addresses to send the same\nbogus message. These messages, like the one you got, are "spoofed" to appear\nas if they came from PayPal.\n\n"It appears to be another step in the advancement of spam," says David E.\nSorkin, an associate professor with the Center for Information Technology\nand Privacy Law, at John Marshall Law School. "A few months ago there was\ntalk about spammers using viruses to send spam. Now they're using them for\nfraud."\n\nBryson Gordon, senior product manager for McAfee's Security Consumer\nDivision, finds this "far more sophisticated in social engineering [than\nprevious worms]... We're starting to see marked change in the battle with\nviruses: a worm for profit."\n\nSlow-Moving Pest\n\nLuckily Mimail hasn't spread very far-\-at least not yet. "It's not a major\nevent. We're seeing less than a hundred infections overall," says Vincent\nWeafer, a senior director at antivirus vendor Symantec Security Response.\n\nAs Weafer notes, that can change. "103259 Klez sat around for about a week\nand then shot up," he says. But he doubts this one will spread like Klez.\nMimail is a "relatively easy one to explain. You can say 'If you see this,\ndelete it.'"\n\nBut justice is not likely to be served. According to Weafer, the culprits\nwill get caught "Only if they're stupid." The logical trail to follow, of\ncourse, is the four e-mail addresses embedded in the code, but it's possible\nto set up anonymous e-mail accounts without identifying yourself, or set up\nan account with a stolen credit card.\n\nWhat to Do\n\nOne thing is for certain: We'll see this sort of trick again, so it pays to\ntake precautions.\n\nBe suspicious of any e-mail that asks for personal information, security\nexperts advise.\n\nPayPal promises it "will never ask for your password or account information\nin an e-mail," and most other companies on the Internet do likewise. If an\ne-mail message contains a link to a form, examine the URL closely-\-it could\nbe just one letter away from the correct domain name.\n\nReport suspicious e-mail to the company that is allegedly its source. PayPal\nhas an e-mail address, [email][/email], for just this purpose.\n\nAnd, of course, keep your antivirus applications and definitions up to date.\nUsers of Symantec's Norton AntiVirus products, as well as security programs\nfrom BitDefender and Network Associates, were able to download the\nappropriate protection by last Friday morning. In addition, both BitDefender\nand Network Associates offer free Mimail fixes on their Web sites.