PayPal Message Alert

Discussion in 'malware problems & news' started by srfox, Nov 24, 2003.

Thread Status:
Not open for further replies.
  1. srfox

    srfox Registered Member

    Joined:
    Jul 25, 2003
    Posts:
    86
    Location:
    Los Angeles
    This message was received by one of our business addresses with the subject: "YOUR PAYPAL.COM ACCOUNT EXPIRES" and seeming to spoof donotreply@paypal.com. Very clever, originating address does not even appear in full headers. Only this IP: apparently stealthed: 216.209.229.64 which is probably a legitimate address that they are stealing time on. It comes with an attachment: www. paypal.com.scr (I spaced this to make sure it's not a link)

    Dear PayPal member,

    PayPal would like to inform you about some important information
    regarding your PayPal account. This account, which is associated with the
    email address

    (address@whatever)
    will be expiring within five business days. We apologize for any
    inconvenience that this may cause, but this is occurring because all of our
    customers are required to update their account settings with their
    personal information.

    We are taking these actions because we are implementing a new security
    policy on our website to insure everyone's absolute privacy. To avoid
    any interruption in PayPal services then you will need to run the
    application that we have sent with this email (see attachment) and follow the
    instructions. Please do not send your personal information through
    email, as it will not be as secure.

    IMPORTANT! If you do not update your information with our secure
    application within the next five business days then we will be forced to
    deactivate your account and you will not be able to use your PayPal account
    any longer. It is strongly recommended that you take a few minutes out
    of your busy day and complete this now.

    DO NOT REPLY TO THIS MESSAGE VIA EMAIL! This mail is sent by an
    automated message system and the reply will not be received.

    Thank you for using PayPal.

    xorxvwrv
     
  2. Randy_Bell

    Randy_Bell Registered Member

    Joined:
    May 24, 2002
    Posts:
    3,004
    Location:
    Santa Clara, CA
    It's one of the Mimail Worms:

    Mimail.I
    securityresponse.symantec.com/avcenter/venc/data/w32.mimail.i "at" mm.html

    Mimail.J
    securityresponse.symantec.com/avcenter/venc/data/w32.mimail.j "at" mm.html

    Your message sounds like the 'I' variant of the worm. ;)

    {Note that I can't list the link here because of a bug in the forum software; it won't interpret links with the "at" (@) symbol. You'll have to copy-and-paste and substitute for the (@) symbol.}
     
  3. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,876
    Location:
    New England
    That darn "at" sign! :rolleyes:

    Thanks Randy. ;)
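
Added example (not part of the original thread and not any poster's code): a mail-gateway style check for the attachment trick reported in the first post, an executable whose name reads like a web address (www.paypal.com.scr). It goes slightly beyond the thread by also flagging the related double-extension pattern; the function names, extension lists and sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed lists for illustration; .scr (screensaver) is an ordinary Windows executable.
EXECUTABLE_EXTS = {".scr", ".exe", ".pif", ".com", ".bat", ".cmd"}
DECOY_EXTS = {".txt", ".doc", ".pdf", ".jpg", ".htm", ".html"}
# A stem that reads like a hostname, e.g. "www.paypal.com".
HOSTNAME_RE = re.compile(r"^(?:[a-z0-9-]+\.)+[a-z]{2,}$", re.IGNORECASE)


def attachment_findings(raw: bytes) -> dict:
    """Return {filename: [reasons]} for attachments that should be quarantined."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = {}
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").strip()
        stem, dot, ext = name.rpartition(".")
        ext = (dot + ext).lower()
        if ext not in EXECUTABLE_EXTS:
            continue
        reasons = ["executable extension " + ext]
        inner = stem.rpartition(".")
        if inner[1] and ("." + inner[2]).lower() in DECOY_EXTS:
            reasons.append("double extension hides the real type")
        elif HOSTNAME_RE.match(stem):
            reasons.append("name imitates a web address: " + stem)
        findings[name] = reasons
    return findings


def build_sample() -> bytes:
    """Constructed message modelled on the one quoted in this thread."""
    m = EmailMessage()
    m["From"] = "donotreply@paypal.com"  # spoofed sender address, as reported
    m["To"] = "address@example.invalid"  # placeholder recipient
    m["Subject"] = "YOUR PAYPAL.COM ACCOUNT EXPIRES"
    m.set_content("Dear PayPal member, ... (see attachment)")
    m.add_attachment(b"placeholder bytes, not a real program",
                     maintype="application", subtype="octet-stream",
                     filename="www.paypal.com.scr")
    m.add_attachment("harmless notes", filename="notes.txt")
    return m.as_bytes()


if __name__ == "__main__":
    for filename, reasons in attachment_findings(build_sample()).items():
        print(filename, "->", "; ".join(reasons))
```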
     