Automated PC Solutions
VACM - Virus Alerts for the Common Man

Greetings from The VACM Team,

In This Issue:
----------------------
- Virus disguised as legit email from PayPal! Don't get taken! (how to be safe)

 You are free to forward this critical information to anyone
 you wish as long as it is not modified in any way.
 
***************************************************
* The Bottom Line...
***************************************************
The latest Mimail variant, Mimail.J, does more than mail itself to every
entry in your address book: it commits outright fraud.  Mimail.J
disguises itself as an email from PayPal, and it arrives with an
attachment named "InfoUpdate.exe" or "www.paypal.com.pif".

Long-time VACM subscribers know that unless you turn off Windows'
hiding of file extensions, all you will see is "InfoUpdate" or
"www.paypal.com", so you could easily be duped into double-clicking
these attachments.  This, as everyone should know by now, is the
oldest trick in the book: make an executable file look like it is
just a picture, a document or a web address.

Because Microsoft ships Windows configured to be as insecure as
possible (why, Microsoft? Why?), including the hiding of file
extensions, black-hat hackers regularly take advantage of people
who have no idea what a file extension is, much less that it is
hidden.  See the last step of the "What You Should Do" portion of
this article to learn what we mean.

What Mimail.J tries to do is convince you that it is indeed from
PayPal and that your PayPal account will be closed unless you provide
some very private personal and financial information about yourself.

First of all, legitimate companies do not ask for private information
by email, and they certainly do not ask you to run an attached program
to "update your profile".  So a red flag should go up as soon as you
read the Mimail.J email.

If the flag doesn't go up and you end up double-clicking the
attachment, Mimail.J puts up a form and asks you to divulge your
credit card details and other financial and personal information.

As mentioned, Mimail.J pretends to be an email from PayPal and
tries to get you to type in a lot of private financial information.
Its predecessor, Mimail.I, did the same.

People who fall for this tactic are at great risk of having their
identity stolen, credit card numbers used, etc.

So, now we are seeing the shift in viruses... from bad to worse...
criminal, actually...

The Mimail.J email appears as one of the following:

+++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ Subject: Problems with your PayPal account.
+ Attachment: InfoUpdate.exe
+ Message body:
+ Dear PayPal member,
+
+ We regret to inform you that your account is about to be expired
+ in next five business days. To avoid suspension of your account you
+ have to reactivate it by providing us with your personal information.
+
+ To update your personal profile and continue using PayPal services
+ you have to run the attached application to this email. Just run it
+ and follow the instructions.
+
+ IMPORTANT! If you ignore this alert, your account will be suspended
+ in next five business days and you will not be able to use
+ PayPal anymore.
+++++++++++++++++++++++++++++++++++++++++++++++++++++++


OR THIS:


+++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ From: Do_Not_Reply@paypal.com
+ Subject: Important (several blank spaces followed by random letters)
+ Attachment: www.paypal.com.pif
+
+++++++++++++++++++++++++++++++++++++++++++++++++++++++
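As an added example, not code from this newsletter or from any vendor product, the Python below puts the two points above together.  It shows what an attachment name looks like once Explorer hides the last extension (the "InfoUpdate" / "www.paypal.com" effect described earlier), and it screens a message for the lure pattern the two samples share: a PayPal-themed message carrying an executable attachment, optionally with account-threat wording in the body.  The three sample messages, the sender addresses, and the brand and lure word lists are all constructed here.  The forged "Do_Not_Reply@paypal.com" sender of the second variant is kept in the sample precisely because it proves nothing: a From: header is trivially faked, so the filter never treats it as evidence of legitimacy.

```python
"""Added example: screen incoming mail for the Mimail.J lure pattern.

Nothing here comes from the newsletter or from any vendor tool.  It parses a
message, reports how each attachment name would appear with "Hide extensions
for known file types" switched on, and flags the combination the alert
describes: a brand-themed message carrying an executable attachment, often
hidden behind a harmless-looking second extension.  Samples are constructed.
"""
from email import policy
from email.message import EmailMessage
from email.parser import Parser

# Extensions Windows runs on double-click (not exhaustive).
EXECUTABLE_EXTS = {"exe", "pif", "scr", "com", "bat", "cmd", "vbs", "js", "hta", "lnk"}
# Pieces a trailing executable extension is commonly hidden behind.
DECOY_EXTS = {"com", "net", "org", "jpg", "jpeg", "gif", "txt", "doc", "pdf", "htm", "html"}
BRANDS = ("paypal",)                      # brands this filter knows about (assumed)
LURE_WORDS = ("suspend", "expire", "reactivate", "run the attached", "update your")


def as_explorer_shows(name):
    """Name as seen with HideFileExt=1: the final extension is stripped."""
    stem, dot, _ = name.rpartition(".")
    return stem if dot else name


def attachment_reasons(name):
    """Reasons an attachment name is suspicious; empty list if none."""
    parts = name.lower().split(".")
    if len(parts) < 2:
        return []
    true_ext = parts[-1]
    reasons = []
    if true_ext in EXECUTABLE_EXTS:
        reasons.append(f"executable attachment (.{true_ext})")
        if len(parts) >= 3 and parts[-2] in DECOY_EXTS:
            reasons.append(f"shown as '{as_explorer_shows(name)}' when extensions are hidden")
    return reasons


def classify(raw_message):
    """Parse an RFC 822 message and decide whether it matches the lure pattern."""
    msg = Parser(policy=policy.default).parsestr(raw_message)
    body_part = msg.get_body(preferencelist=("plain", "html"))
    body = body_part.get_content() if body_part is not None else ""
    text = " ".join((msg.get("From", ""), msg.get("Subject", ""), body)).lower()
    reasons = []
    for part in msg.iter_attachments():
        reasons.extend(attachment_reasons(part.get_filename() or ""))
    executable = bool(reasons)
    brand = next((b for b in BRANDS if b in text), None)
    lure = any(w in text for w in LURE_WORDS)
    if brand and executable:
        # The From: header is never treated as proof of origin; it is forgeable.
        reasons.append(f"{brand}-themed message carrying an executable")
    if brand and lure:
        reasons.append(f"account-threat lure wording invoking {brand}")
    return {"suspicious": executable or (brand is not None and lure), "reasons": reasons}


def build_sample(from_addr, subject, body, attachment_name):
    """Construct a sample message with one attachment (stand-in bytes, not malware)."""
    m = EmailMessage()
    m["From"] = from_addr
    m["To"] = "member@example.com"
    m["Subject"] = subject
    m.set_content(body)
    m.add_attachment(b"MZ not a real program", maintype="application",
                     subtype="octet-stream", filename=attachment_name)
    return m.as_string()


# Constructed stand-ins for the two quoted variants, plus a benign control.
SAMPLES = {
    "variant1": build_sample("service@paypal.example", "Problems with your PayPal account.",
                             "Dear PayPal member,\nTo avoid suspension of your account you "
                             "have to run the attached application to this email.",
                             "InfoUpdate.exe"),
    "variant2": build_sample("Do_Not_Reply@paypal.com", "Important      kxqzpw", "",
                             "www.paypal.com.pif"),
    "benign": build_sample("accounting@example.com", "November invoice",
                           "Attached is the invoice for November.", "invoice-2003-11.pdf"),
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, classify(raw))
```

The second variant has no body text at all, so the body-based lure check contributes nothing; it is caught on the attachment alone, which is the check that matters once extensions are hidden.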


Opening the attachment infects your system.  When the attachment is
run, it displays a window titled "PayPal Secure Application".  This
window prompts you for your credit card number, CVV code and
expiration date, as well as a lot of other private personal and
financial details: your name, Social Security Number, mailing
address, date of birth, your mother's maiden name, and so on.

Everything you type into that window is saved to a file, which is
then sent off, presumably to the hacker(s) who created the virus.
Having handed your personal and financial information to some
unknown party, Mimail.J then proceeds to spread itself to every
email address it can find on your hard drive, including your
Windows address book.

Mimail.J uses its own internal email engine rather than your mail
program to do this, so you will not even know that hundreds of
emails that appear to come from you are leaving your PC; i.e., none
of them will show up in your "Sent" folder.
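Because Mimail.J mails itself out through its own SMTP engine, the user's mail client shows nothing; the only place the activity is visible is on the network.  The Python below is added here as an illustration and is not taken from the newsletter or from any vendor product.  It runs a simple mass-mailer check over constructed connection records: any host other than the allowlisted mail server that opens outbound TCP port 25 connections to ten or more distinct destinations within one minute is flagged.  The host addresses, the threshold, the window and the record format are all assumptions made for the example.

```python
"""Added example: spot a workstation that is mass-mailing directly over SMTP.

A legitimate desktop mail client talks to one relay, so its number of
distinct SMTP destinations stays at one.  A mass-mailer with its own SMTP
engine delivers straight to each recipient's mail host, so it fans out to
many destinations in a short time.  All records below are constructed.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Hosts that are supposed to talk SMTP to the world (assumed for the example).
MAIL_SERVERS = {"192.168.1.5"}
WINDOW = timedelta(seconds=60)
THRESHOLD = 10          # distinct SMTP destinations within WINDOW


def constructed_flow_records():
    """Build constructed sample records: (timestamp, src, dst, dport)."""
    base = datetime(2003, 11, 17, 9, 0, 0)
    rows = []
    # .40: a normal user mail client talking to the one ISP relay.
    rows.append((base, "192.168.1.40", "10.0.0.25", 25))
    rows.append((base + timedelta(seconds=30), "192.168.1.40", "10.0.0.25", 25))
    # .5: the company mail server, legitimately relaying to many MX hosts.
    for i in range(15):
        rows.append((base + timedelta(seconds=2 * i), "192.168.1.5", f"203.0.113.{i + 1}", 25))
    # .23: an infected workstation spraying mail at recipients' MX hosts.
    for i in range(12):
        rows.append((base + timedelta(minutes=2, seconds=3 * i),
                     "192.168.1.23", f"198.51.100.{i + 1}", 25))
    # Ordinary web traffic from the same workstation is not SMTP and is ignored.
    rows.append((base + timedelta(minutes=2, seconds=5), "192.168.1.23", "198.51.100.250", 80))
    return rows


def smtp_fanout_alerts(records, threshold=THRESHOLD, window=WINDOW, allowlist=MAIL_SERVERS):
    """Map each offending source to the largest number of distinct SMTP
    destinations it reached inside any one window.  Sources on the allowlist
    and non-SMTP flows are skipped."""
    by_src = defaultdict(list)
    for ts, src, dst, dport in records:
        if dport == 25 and src not in allowlist:
            by_src[src].append((ts, dst))
    alerts = {}
    for src, flows in by_src.items():
        flows.sort()
        best = 0
        for i, (t0, _) in enumerate(flows):
            # Distinct destinations in the window starting at this flow.
            dsts = {dst for ts, dst in flows[i:] if ts - t0 <= window}
            best = max(best, len(dsts))
        if best >= threshold:
            alerts[src] = best
    return alerts


if __name__ == "__main__":
    for src, count in smtp_fanout_alerts(constructed_flow_records()).items():
        print(f"ALERT: {src} reached {count} distinct SMTP destinations within {WINDOW}")
```

The allowlist is what keeps the mail server quiet; dropping it shows the same logic firing on the server too, which is why the check must be scoped to hosts that have no business delivering mail themselves.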


***************************************************
* What You Should Do
***************************************************

If you suspect that you have some version of the Mimail virus, go to
Symantec's Mimail Removal Tool page at:


http://securityresponse.symantec.com/avcenter/venc/data/w32.mimail.removal.tool.html


(Note: You may have to copy and paste if this web address wraps
around to two lines.)


To protect your PC(s):

1. Install a personal firewall - VACM recommends ZoneAlarm Pro.
  It is without doubt our #1 choice after exhaustive testing,
  and it can be obtained at:

      http://apcsnh.com/vacm/tools/bestfirewall.htm

  Not only will this firewall keep unwanted intruders out of your system,
  it will also keep rogue spyware and other software already on your PC
  from getting out via the internet.
  Think about that for a moment.  This is an extremely important point.

  For example, if ZoneAlarm asks "Do you want to allow Internet Explorer
  to access the internet?", obviously you would click Yes.

  But if you are asked "Do you want to allow CS032.TMP (or some other
  strange filename) to access the internet?" then a big red flag should
  go up in your head and you should click No, then run a complete scan
  and removal of spyware on your system.  A prompt like that is a pretty
  clear indicator that something on your PC is trying to phone home over
  your internet connection.  The same goes for a virus like Mimail.J,
  whose own mail engine has to get out to the internet to spread.

  So, in a nutshell, ZoneAlarm can also alert you to when it's time
  to run your spyware removal tools.  It keeps bad stuff out and keeps
  bad stuff already on your system from sending your personal info out.
  You are taking a big risk if you are not running the best personal
  firewall - ZoneAlarm Pro.  Again, it is available at:
     http://apcsnh.com/vacm/tools/bestfirewall.htm

2. Get the best antivirus protection you can and keep it up to
  date on a daily basis.  Our #1 choice is Norton AntiVirus due
  to its minimal impact on system performance and the breadth of
  viruses it protects against.

  Norton AntiVirus 2004 has some spyware-blocking features, but until
  we finish testing it, we are not sure whether it is really any better
  than just installing Norton 2003.

3. VERY IMPORTANT (more than you might guess)
  If you have not already done so, follow the steps outlined in our
  VACM How-To articles to harden your system even further, to learn
  how to deal safely with attachments and, definitely, to turn off
  the hiding of file extensions.  You can find these near the top of
  the VACM Archives page at:

      http://apcsnh.com/vacm

  They are just above the archived VACM articles list.




Best Regards,
Marc Deschenes, VACM Editor
The VACM Project at
Automated PC Solutions

 

 

*** Be sure to check out the appendix at the end of this alert
if you are having trouble booting your computer into "Safe Mode".
The process is all spelled out for you there.

 

To cancel your subscription to VACM, reply to this email with the word UNSUBSCRIBE in the subject.

IMPORTANT: please include the email address at which you are currently receiving VACM Alerts in the body of the message.

 

 

******** APPENDIX - Handy How-To Tips **********


  * How To Boot into Safe Mode

Shut the computer down so that the power is off.

Turn the computer on, wait one second and begin pressing the F8 key
once every second, repeatedly, until the Windows Startup Menu appears.
If you get a keyboard error, press F1 to resume and then continue
pressing F8 once every second.  (Your PC may also show a message about
pressing some other key for BIOS setup; keep pressing F8.)

Select Safe Mode from the Windows Startup Menu, then press
the Enter key on the keyboard.

Windows will then boot into Safe Mode.
NOTE: This may take longer than a normal boot.

At the end of the boot process a dialog box will appear
informing you that Windows is in Safe Mode. Click OK on this dialog box.

Windows is now in Safe Mode.

If you miss hitting the F8 at the right time, Windows will boot
normally and you will not see the "Safe Mode" message.  In this
case, start from the top of these instructions until you get the
boot menu screen where you can choose "Safe Mode".  This can be
a little tricky the first time you do it.

 

 

 

 
