Latest Trojan 'Phishing' For Personal Data

A new trojan that's an offshoot of a recently discovered Internet worm is attempting to drain PC users' bank accounts by duping them into disclosing personal information, an anti-virus company said Friday.

Mmdload-A was distributed apparently through a mass mailing in an attempt to trick people into downloading the recently discovered Mimail-N worm, Sophos Plc said.

"This is the latest Trojan 'phishing' for personal financial data," Chris Belthoff, senior security analyst at the Lynnfield, Mass.-based company, said in a statement. "Just like spammers, the malicious coders can make enough money to make it worth their while if only a small percentage of folks actually fall for the ruse. For those that do, the bad guys can completely drain their bank accounts."

Mmdload arrives as a zipped attachment in an email that carries the same subject line and text as the Mimail worm. The message offers recipients the chance of winning cash, which will be deposited directly in their bank accounts, if they fill out the attached form.

Clicking on the attachment launches a program named PAYPAL.exe that contacts a Russian web site, www.aquarium-fish.ru, to download the Mimail worm. The webs site is the same used by Mimail to send completed forms disguised as coming from PayPal, an online payment service.To defend against Mmdload and other malicious email attachments, Sophos recommends companies consider blocking all programs at the email gateway. For most businesses, it's rare for employees to receive a legitimate program from the outside via email.

"Best practice for business should include automatic blocking of all executable code at the email gateway," Belthoff said. "Reputable companies do not send out files in this way, and users should think twice before they click on unsolicited email messages."