Media releases are provided as is by companies and have not been edited or checked for accuracy. Any queries should be directed to the company itself.

Sophos Warns -- Don't Give Your Credit Details to a Virus

  • 14 November, 2003 17:57

<p>14 November 2003.</p>
<p>Sophos, a world-leader in anti-virus and anti-spam protection for businesses, is warning of a new variant of the Mimail worm, which is at large in Australia.</p>
<p>The new worm, named W32/Mimail-I, arrives in an email with a subject line of "YOUR PAYPAL.COM ACCOUNT EXPIRES", and asks you to provide detailed information about your credit card, claiming that PayPal "are implementing a new security policy."</p>
<p>The email tells you not to send your personal information through email (correctly advising you that email is insecure!) and instructs you to run the attached program instead.</p>
<p>If you run the program, attached in a file called "www.paypal.com.scr", a dialog box pops up requesting you to enter a range of information about your credit card. This includes your full credit card number, your PIN, the expiry date, and even the so-called CVV code (this is an additional three-digit security code printed on the back of your card which is not recorded by credit card machines during transactions). The dialog includes a PayPal logo in a further attempt to appear legitimate.</p>
<p>"Mimail-I tries to harvest your bank card data and then sends it out to the Bad Guys in an email," explained Paul Ducklin, Head of Technology, Asia Pacific, at Sophos Australia and New Zealand. "It even includes a realistic-looking checkbox which you are expected to tick in order to confirm that the details you have entered are correct.</p>
<p>“But the email sent to you by Mimail-I could never be legitimate," Ducklin points out. "Banks and credit card companies never request information of this sort via email, just as computer security companies never send out patches this way. Email is simply not secure enough for transactions of this type."</p>
<p>As well as ripping off your bank information, Mimail-I sends itself to everybody whose email addresses appear on your hard disk. This is likely to generate a lot more email traffic than you may have bargained for.</p>
<p>Sophos offers the following advice:</p>
<p>1. Don't act on web links or attachments sent to you in emails which claim to come from banks or financial companies. The apparent source of an email is too easily forged.</p>
<p>2. Block all Windows programs (EXE, DLL, SCR, BAT, PIF, CMD, etc.) files at your email gateway if you can. Because of the associated risks, there is almost no business case for distributing programs by email.</p>
<p>3. Filter outbound email with a product such as Sophos Pure Message or Sophos MailMonitor before it leaves your network. This is good "internet citizenship", because it limits the collateral damage you can do to the internet even if you become infected.</p>
<p>4. Update your anti-virus software regularly and frequently so you can identify the latest threats accurately. Using a product (such as Sophos Enterprise Manager) which can automate updates takes the stress and uncertainty out of the process.</p>
<p>ends.</p>
<p>FOR FURTHER INFORMATION:
Paul Ducklin (duck@sophos.com) is available for comment:
+61 407 320 515 (mobile)
+61 2 9409 9100 (tel)
+61 2 9409 9191 (fax)</p>
<p>Sophos's press contact at Gotley Nix Evans is:
Michael Henderson (sophos@gne.com.au)
+61 2 9957 5555 (tel)
+61 413 054 738 (mobile)
+61 2 9957 5575 (fax)</p>

Most Popular

Editor's Recommendations

Solution Centres

Events

View all events Submit your own security event

Latest Videos

More videos

Blog Posts

Media Release

More media release