The W32.Paylap worm is a variant of the so-called Mimail virus that first surfaced in August. Posing as an email from a company with which the recipient does business, the virus tries to trick people into sending information that could then be used to steal the victim’s identity or money from their accounts. These hi-tech scams are known as ‘phishing’ or ‘carding’.

The new worm comes disguised as an email from PayPal, the most popular online payment provider for eBay users. The worm appears with the subject line "Your Paypal.com Account Expires" and contains an attachment.

When the attachment titled paypal.asp.scr is opened, a window appears bearing the PayPal logo and asking for credit card details.

The virus stores any information provided by the victim in a file called ppinfo.sys, which is then sent to four email addresses stored in the program. It can also send itself to email addresses harvested from a victim’s computer.
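The attachment name paypal.asp.scr pairs a harmless-looking web-page extension with a final extension that Windows runs as a program. As an added example (not part of the original article), a mail filter could flag that pattern as below; the function names, extension lists and sample messages are assumptions constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Assumed lists for illustration; a real gateway would maintain longer ones.
EXECUTABLE_EXTS = {"scr", "exe", "pif", "com", "bat", "cmd", "vbs"}
DECOY_EXTS = {"asp", "htm", "html", "txt", "doc", "pdf", "jpg", "gif"}

def suspicious_attachments(raw_bytes):
    """Return (filename, reason) for each attachment worth quarantining."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        # Strip padding around each segment so "a.asp   .scr" is still caught.
        segments = [s.strip() for s in name.split(".") if s.strip()]
        if len(segments) < 2 or segments[-1] not in EXECUTABLE_EXTS:
            continue
        clean = ".".join(segments)
        if len(segments) >= 3 and segments[-2] in DECOY_EXTS:
            findings.append((clean, "decoy extension before executable extension"))
        else:
            findings.append((clean, "executable attachment"))
    return findings

def build_sample(filename):
    """Constructed test message; the attachment body is placeholder bytes."""
    msg = EmailMessage()
    msg["Subject"] = "Your Paypal.com Account Expires"
    msg["From"] = "sender@example.com"
    msg["To"] = "recipient@example.com"
    msg.set_content("Constructed sample body.")
    msg.add_attachment(b"placeholder, not a real executable",
                       maintype="application", subtype="octet-stream",
                       filename=filename)
    return msg.as_bytes()

if __name__ == "__main__":
    for fname in ("paypal.asp.scr", "invoice.pdf", "setup.exe"):
        print(fname, "->", suspicious_attachments(build_sample(fname)))
```
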

Users of Microsoft Windows 95, 98, 2000, NT, Me and XP are thought to be most vulnerable.

eBay, whose users have been the subject of a number of phishing scams, says it would never send users an attachment or ask for sensitive information via email. It is encouraging users to educate themselves on spoof emails by taking a Spoof Email Protection Tutorial available on the eBay site.

At the time of going to press, the spread of W32.Paylap was slowing – and a few antivirus software companies had updated their signature files to include this worm – but there could well be another variant of the virus on its way, given that ten have already been circulated since the original version.

Sound advice on phishing scams comes from the US Federal Trade Commission: “If you get an email that warns you, with little or no notice, that an account of yours will be shut down unless you reconfirm your billing information, do not reply or click on the link. Instead, contact the company using a website you know to be genuine.”