Credit card harvester 'MiMail I' spreading worldwide

A new variant of the MiMail worm, MiMail I, is spreading around the world. The worm attempts to trick people out of their credit card details by purporting to be from online payment services company PayPal, which is owned by eBay. An email with the headline 'YOUR PAYPAL.COM ACCOUNT EXPIRES' claims that the company is implementing a new security policy. The email is especially sneaky in that it correctly advises people not to send out credit card details by email. But when the attachment in the email (www.paypal.com.scr) is opened the software displays a PayPal-branded window requesting all credit card information.The worm then mails itself out to all email addresses on the infected hard drive. "It seems to be following the sun," said Graham Cluley, senior technology consultant at antivirus vendor Sophos. "Australia, New Zealand and South Africa are all getting hits, and here in the UK of course. MiMail A, the original worm, was first detected in the wild in August and was originally used to harvest email addresses for spammers. Removal utilities and virus identity files are available from major antivirus companies.