16 Jan 2004, Iain Thomson, V3
The latest variant of the MiMail worm is using a software downloader to spread its payload, in an effort to fool anti-virus software.
The downloader arrives in inboxes as a file, called paypal.exe or paypal.zip, in an email headed 'PAYPAL.COM NEW YEAR OFFER'.
It offers a credit equal to 10 per cent of the host's PayPal account if the user registers with their credit card details.
MiMail was created in Russia and first appeared on the internet at the beginning of August 2003.
"To date, isolated incidents of infection by this malicious software have been reported in various countries throughout the world," said Denis Zelkin, head of communications at Kaspersky Labs.
"The new modification of the worm differs from previous versions only by the fact that it is compressed using UPX."
Once activated, the Trojan contacts a Russian web server and downloads the latest copy of the MiMail worm.
The worm then harvests email addresses on the host and stores them in a file called outlook.cfg in the Windows folder. It also adds itself to the registry so that it is reloaded with every reboot.
Major antivirus firms already have identity files for the malware, and users are advised to update.