Warning: Virus disguised as message from PayPal

Today, I received an e-mail message saying that my PayPal account would “expire” in five days if I don’t “update my account information” by downloading and running an executable program called “www.paypal.com.scr”, which was attached to the e-mail message.

I thought that this e-mail message sounded very suspicious because (1) PayPal accounts are supposed to never expire, and (2) if I really did have to “update my account information”, then I should only need to fill out an online form. I shouldn’t need to download and then run an executable program.

Also, the e-mail had a few slight grammatical errors, which means that it was probably written by a non-native English speaker, which seemed very suspicious because PayPal is an American company.

So I used the Yahoo virus checker without downloading the attached software, and I found out that the attachment contained the virus called “W32.Mimail.I@mm”.

So if anyone gets any e-mail messages saying that their PayPal account will “expire” if they don’t download and run an attached program, they should delete the e-mail and not download the attached program.

Here is the complete text of the e-mail message. (Don’t worry. This text does not contain the virus!)


Dear PayPal member,

PayPal would like to inform you about some important information regarding your PayPal account. This account will be expiring within five business days. We apologize for any inconvenience that this may cause, but this is occurring because all of our customers are required to update their account settings with their personal information.

We are taking these actions because we are implementing a new security policy on our website to insure everyone’s absolute privacy. To avoid any interruption in PayPal services, then you will need to run the application that we have sent with this email (see attachment) and follow the instructions. Please do not send your personal information through email, as it will not be as secure.

IMPORTANT! If you do not update your information with our secure application within the next five business days, then we will be forced to deactivate your account and you will not be able to use your PayPal account any longer. It is strongly recommended that you take a few minutes out of your busy day and complete this now.

DO NOT REPLY TO THIS MESSAGE VIA EMAIL! This mail is sent by an automated message system and the reply will not be received.

Thank you for using PayPal.

Any attachment sent with *.scr (“screensaver”) is most likely a virus.

[quote=“Rascal”]Any attachment sent with *.scr (“screensaver”) is most likely a virus.[/quote]Also .exe, .com, .pif are pretty much guaranteed to be a virus, as is anything with more than one dot, pic.jpg.exe is not a picture. Clear tools->folder options->view->“Hide extensions for known file types” in explorer so you can see what the file name really is. (Whoever in MS set that is a twazzock)

Any file that you did not ask for is almost guaranteed to be a virus, a big company would NEVER EVER email files out. MS NEVER sends patches through email, Norton NEVER sends virus fixes through email.

Any email from a company that is in bad English is probably a fake. (Something Taiwan needs to learn if it wants to be taken seriously)

That email seems to have all those tell-tale signs.

For the past 2 months I have been receiving these Microsoft Critical Pack Upgrade, error notification etc spam… are these viruses or what? I have searched the usual virus alert sites but can’t find anything that mentions these?

[quote=“AWOL”]For the past 2 months I have been receiving these Microsoft Critical Pack Upgrade, error notification etc spam… are these viruses or what? I have searched the usual virus alert sites but can’t find anything that mentions these?[/quote]If they have files attached, they would be viruses. If they contain links to updates on Microsoft’s website, they are harmless, but annoying.
It depends what the email says…

[quote=“Big Fluffy Matthew”][quote=“AWOL”]For the past 2 months I have been receiving these Microsoft Critical Pack Upgrade, error notification etc spam… are these viruses or what? I have searched the usual virus alert sites but can’t find anything that mentions these?[/quote]If they have files attached, they would be viruses. If they contain links to updates on Microsoft’s website, they are harmless, but annoying.
It depends what the email says…[/quote]

I for one am not going to even open these things as that could trigger a virus. Why the hell would Microsoft be sending me an update to a Yahoo account? They sound dodgy as all buggery. So… I can’t post what the email text is as I am not going to click on them.

I don’t think MS sends update notifications by email. Usually the OS alerts you in the taskbar of any updates (if activated).
Check the email and links for authenticity but I reckon not to click on them directly or execute any attachments.

For updating your windows manually go to: windowsupdate.microsoft.com/

the fact i use a mac is another indicator surely. they are coming to my yahoo account as well. they are just spam. typically they have attachments with the size of the email being 142k to 156k. i receive upwards of 80 per day. yahoo spam protection is useless as they seem to be sent from the randomnumber@yahoo.com or @hotmail, @msn.com etc etc.

found info on the crap i am receiving… the attachment is The Swen worm, known technically as I-Worm.Swen, W32/Swen.A@m… or W32/Gibe@M…, affects Windows 95, Windows NT and all newer versions, and spreads via email and through IRC, Kazaa and local area networks.

So if u receive anything that claims to be from MS and is a critical update, patch or whatever, delete it. MS does NOT use email to send out patches or updates. They follow a format similar to these…

"Internet Critical Upgrade"
"Internet Critical Patch"
"Internet Critical Pack"
"Microsoft Critical Update"
"Microsoft Critical Upgrade"
"Microsoft Critical Patch"
"Microsoft Critical Pack"
"Net Critical Update"
"Net Critical Upgrade"
"Net Critical Patch"
"Net Critical Pack"
"Network Critical Update"
"Network Critical Upgrade"
"Network Critical Patch"
"Network Critical Pack"
"Latest Critical Update"
"Latest Critical Upgrade"
"Latest Critical Patch"
"Latest Critical Pack"

"Internet Security Update"
"Internet Security Upgrade"
"Internet Security Patch"
"Internet Security Pack"
"Microsoft Security Update"
"Microsoft Security Upgrade"
"Microsoft Security Patch"
"Microsoft Security Pack"
"Net Security Update"
"Net Security Upgrade"
"Net Security Patch"
"Net Security Pack"
"Network Security Update"
"Network Security Upgrade"
"Network Security Patch"
"Network Security Pack"
"Latest Security Update"
"Latest Security Upgrade"
"Latest Security Patch"
"Latest Security Pack"

Can’t you add those keywords to the spamfilter yourself (for your account)?

Rascal

Yes I could and have, but Yahoo only allows 15 filters. And this spam morphs and changes the headers in the message therefore getting around my filters.

Please refer to the discussion of spam-filtering email accounts at forumosa.com/3/viewtopic.php?t=13106
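
An added example, not part of the original thread: a small Python triage check combining the two signals discussed above, attachment names (.scr/.exe/.com/.pif, or more than one dot) and the fake-update subject lines, which are generalised here into a single pattern instead of one filter per subject. The sender address, sample subjects, file names and function names are constructed for illustration.

```python
import re
from email.message import EmailMessage

# Extensions named in the thread as near-certain malware when mailed unsolicited.
RISKY_EXT = {".scr", ".exe", ".com", ".pif"}
# One pattern for the listed subjects: 5 x 2 x 4 word combinations.
SUBJECT_RE = re.compile(
    r"\b(Internet|Microsoft|Net|Network|Latest)\s+(Critical|Security)\s+"
    r"(Update|Upgrade|Patch|Pack)\b", re.IGNORECASE)

def attachment_findings(filename):
    """Return the reasons a single attachment name looks dangerous."""
    # Windows ignores trailing dots and spaces, so strip them before checking.
    name = filename.strip().rstrip(". ").lower()
    parts = name.split(".")
    ext = "." + parts[-1] if len(parts) > 1 else ""
    findings = []
    if ext in RISKY_EXT:
        findings.append("executable extension " + ext)
    if len(parts) > 2:
        findings.append("more than one dot")
    return findings

def triage(msg):
    """Collect findings for the subject and every named attachment."""
    findings = []
    if SUBJECT_RE.search(msg.get("Subject", "")):
        findings.append("subject matches fake-update pattern")
    for part in msg.walk():
        fname = part.get_filename()
        if fname:
            findings += [f"{fname}: {why}" for why in attachment_findings(fname)]
    return findings

def build_sample(subject, filename):
    """Constructed test message with a harmless placeholder attachment."""
    msg = EmailMessage()
    msg["From"] = "sender@example.invalid"
    msg["Subject"] = subject
    msg.set_content("constructed sample body")
    msg.add_attachment(b"placeholder", maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg

if __name__ == "__main__":
    for subj, fn in [("Your account", "www.paypal.com.scr"),
                     ("Microsoft Critical Patch", "pack.exe"),
                     ("Holiday photos", "beach.jpg")]:
        print(subj, "|", fn, "->", triage(build_sample(subj, fn)))
```

The attachment check does not depend on the subject line, so it still fires when the subject or headers change between messages.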