11/17/03

Ninth Mimail variant impersonates an online payment company
to steal credit card numbers; beware of e-mail whose sender is PayPal.com

The Mimail worm has now spawned its ninth variant. This one masquerades as a message from the online payment company PayPal, telling the user that they must run the attached file or their PayPal account will be cancelled, in order to trick the user into executing the worm's e-mail attachment.

After the attachment is run, a window appears asking the user to enter a credit card number and expiry date, which is how the worm steals credit card numbers.

Mimail variant worm e-mail:
Sender: PayPal.com
Subject: YOUR PAYPAL.COM ACCOUNT EXPIRES
Body:
Dear PayPal member,

PayPal would like to inform you about some important information regarding your PayPal account. This account, which is associated with this email address

recipient@somewhere

will be expiring within five business days. We apologize for any inconvenience that this may cause, but this is occurring because all of our customers are required to update their account settings with their personal information.

We are taking these actions because we are implementing a new security policy on our website to insure everyone's absolute privacy. To avoid any interruption in PayPal services then you will need to run the application that we have sent with this email (see attachment) and follow the instructions. Please do not send your personal information through email, as it will not be as secure.

IMPORTANT! If you do not update your information with our secure application within the next five business days then we will be forced to deactivate your account and you will not be able to use your PayPal account any longer. It is strongly recommended that you take a few minutes out of your busy day and complete this now.

DO NOT REPLY TO THIS MESSAGE VIA EMAIL! This mail is sent by an automated message system and the reply will not be received.

Thank you for using PayPal.

Attachment: www.paypal.com.scr or paypal.asp.scr
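As an added example (not part of this advisory), a mail-gateway check in Python that flags messages matching this lure: a sender or subject that claims PayPal combined with an executable .scr attachment, including the double-extension names listed above. The sample message is constructed here, and the function and constant names are my own.

```python
import email
from email import policy
from email.message import EmailMessage

KNOWN_ATTACHMENTS = {"www.paypal.com.scr", "paypal.asp.scr"}  # names from the advisory
EXEC_EXT = {".scr", ".exe", ".pif", ".com", ".bat"}  # never expected from a payment provider


def attachment_findings(name: str) -> list[str]:
    """Return reasons an attachment filename looks like this lure (empty if none)."""
    low = name.lower()
    reasons = []
    if low in KNOWN_ATTACHMENTS:
        reasons.append(f"known Mimail attachment name: {name}")
    stem, _, ext = low.rpartition(".")
    if stem and "." + ext in EXEC_EXT:
        reasons.append(f"executable attachment: {name}")
        if "." in stem:  # e.g. www.paypal.com.scr hides .scr behind a domain-like prefix
            reasons.append(f"double extension disguises executable: {name}")
    return reasons


def check_message(raw: bytes) -> list[str]:
    """Parse an RFC 822 message and return every reason it matches the lure."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    sender = str(msg["From"] or "").lower()
    subject = str(msg["Subject"] or "").lower()
    claims_paypal = "paypal" in sender or "paypal" in subject
    reasons = []
    for part in msg.iter_attachments():
        found = attachment_findings(part.get_filename() or "")
        if found and claims_paypal:
            found.append("sender/subject claims PayPal while shipping an executable")
        reasons.extend(found)
    return reasons


def build_sample(attachment_name: str) -> bytes:
    """Construct a message resembling the advisory's lure (sample data, not a real capture)."""
    m = EmailMessage()
    m["From"] = "PayPal.com <service@paypal.com>"
    m["To"] = "recipient@somewhere"
    m["Subject"] = "YOUR PAYPAL.COM ACCOUNT EXPIRES"
    m.set_content("Dear PayPal member, ... run the application that we have sent with this email.")
    m.add_attachment(b"MZ placeholder bytes", maintype="application",
                     subtype="octet-stream", filename=attachment_name)
    return m.as_bytes()
```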

Behaviour of the Mimail variant worm:
1. Uses its own SMTP engine to mass-mail itself, disguised as a customer notification e-mail from PayPal.com.
2. Once the attachment is run, copies itself to Windows\svchost32.exe (under the Winnt directory on NT systems).
3. Modifies a registry value so that the worm starts at boot.
4. Creates c:\pp.hta and c:\pp.gif, the web page shown after the attachment is run that asks the user to enter credit card details.
5. Saves the credit card number the user enters to c:\ppinfo.sys and later sends it to a specific e-mail address.