Virus alert - Don't open PAYPAL attachme nt

“I just got this email from our College tech guru...along with FOUR of the virus carrying email messages. Thank God I didn't open any of the attachments. I normally would post stuff like this, but I know a lot of you use PayPal:


"There is a new computer worm sending messages that appear to be from Paypal.com. Do not open these messages. Symantec confirms that this is a real problem, not a hoax, but we do not have any information yet on what damage might be done. The necessary update to the College of Engineering virus protection software has not been released by Symantec yet, but we will install it ASAP."”

“Ugh! Thanks Phil.

This is not just a virus, it is a scam too. It asks you to run a program and fill out a form with personal financial info.

Its called "Mimail".

http://www.pcworld.com/news/article/0,aid,113478,00.asp”

“I just recently received an email from Paypal and the subject was called quarterly statement. I didn't open the email, but is this the one?”

“I have received an expired credit card email today. Mine is not the virus though... It gave the last 4 of my credit card and it also gives instructions to change your credit card info on the paypal website.

I never open attachments. They can be from my best friend. I'll email them first and make sure.”

“Thanks for the warning Phil!”

“I got one of those. Wrote to Paypal. They say anytime they need you to look at something or change something, they require you to sign in to your Paypal account and then change it. Anything that doesn't require sign-in is bogus! I also got something similar about Yahoo "services".

Also, anyone having trouble with your home page getting set to luckysearch? It's called "browser hijack", adn it's a virus-type of spyware. Very annoying and invasive!
There's a fix for it. Someone wrote a snazzy little program to remove it. or them. There are about 20 of them. The fix removes them all! (Or all the known ones)
here's the link. The fix download is near the bottom of the page. Click the link that says "How do I get rid of this?"
cwshredder.zip”

“The link that says "How do I get rid of this" is near the top, inside the box that names the trojans.”

“I knew something had happend to my 'puter. I ran the utility and a couple of those dammm things were removed. Hopefully the strange things will stop happening now.”

“There appear to be quite a few variants of that.

http://www.f-secure.com/v-descs/_new.shtml”

“This is the one --- Mimail.I

http://www.f-secure.com/v-descs/mimail_i.shtml”

“that sounds like whats been happening to me alot the last couple of days. When I log on the Worldnet homepage just goes blank!! It hasnt happened today so I guess they fixed it. Streamweaver”

“Thanks, cindy_lu.”

“Ok, I've worked on a few enterprise web sites and here are a few things to keep in mind.

1. Legitimate ebusinesses NEVER send email attachments.

2. When you need to udpate personal information they ask you to log into your account in your usual manner and change it there. They NEVER send you to a link with subdirectories or to a different domain name (site address)

3. Emails that pertain to your account activity will be plain text NOT HTML (HTML formatted email is usually reservered for their email newsletters) and normally contain a tracking or id number at the end of them.

4. Simply because an email has a @expectedsitename.com extension doesn't mean it is a legitimate. Email addresses can be spoofed (forged).

5. Most importantly legitimate businesses don't operate in a way that appears illegitimate. If something you recieve seems out of character or breaks from how they have done business in the past then question it.”

“Thanks Phil - I've had the Paypal email roll in at least four times in the last 24hrs. Norton AntiVirus picked it up alright”