The virus arrives via an e-mail, which is thought to have been distributed through the usual spamming channels, that purports to come from eBay's online-payment service, with the subject "PAYPAL.COM NEW YEAR OFFER". The e-mail text goes on to explain that users can get their hands on a few dollars if they register with the site by--surprise, surprise--handing over their financial details.
If the recipient opens the e-mail attachment and launches the file it contains, the Trojan will download and run a new variant of the Mimail virus, Mimail N, which started doing the rounds last week. The virus goes on to harvest more e-mail addresses from the user's hard drive and sends itself out every time the user opens Windows.
The virus is thought to be the work of Russian virus writers, as the site that the virus is downloaded from and the 'PayPal' forms sent back to originates in that country.
The change in virus-writing strategy could be an attempt by writers to bypass unwitting users' virus protection, but antivirus firm Sophos has advised companies to block executable code that arrives via e-mail so that the virus is killed before it reaches users. How to remove Mmdload (Sophos) or Downloader-GM (McAfee).
