By Bob Sullivan Technology correspondent
msnbc.com
updated 11/10/2004 8:16:30 PM ET 2004-11-11T01:16:30

A new computer virus that lures victims the same way phishing e-mails do is on the loose, antivirus firms say. Potential victims get an e-mail saying their credit card has been charged $175 by PayPal, and are urged to click on a link for details. But following the link will cause the consumer's computer to become infected.

Other variations offer a peek at potentially pornographic material, or claim to be from someone looking for new friends; they, too, urge recipients to click on a link.

The virus -- called a MyDoom variant by some researchers,  and "Bofra" by others -- also takes advantage of a brand-new vulnerability in Microsoft's Internet Explorer. Microsoft has yet to produce a patch for the flaw, making the virus potentially dangerous. However, it's not spreading dramatically, according to antivirus firms. Symantec Corp. has only seen reports of 29 infections, according to Oliver Friedrichs, senior manager of the firm's security response team.

The worm is, however, generating a lot of stray e-mails in an attempt to infect more machines, said Craig Schumgar of McAfee. The firm rates the worm a medium threat.

(MSNBC is a Microsoft - NBC joint venture.)

How it works
Each infected computer is loaded with code that allows it to serve up a small Web site onto the Internet that's laced with the infecting code. It then scours all files on the computer for e-mail addresses, and sends out e-mails to more potential victims. The link in those e-mails actually directs recipients' computers back to the computer that sent the e-mail. Recipients who click on the link automatically download infected code from the original machine.

"The messages are spreading," Schmugar said. "We are getting reports of thousands of messages being blocked. But it's hard to gauge how many infected computers there are."

The phishing-like tactic may have backfired on the virus author, however, Schmugar said, because many Internet users are now suspicious of such e-mails.

The PayPal variation includes this message:

"Congratulations! PayPal has successfully charged $175 to your credit card. Your order tracking number is A866DEC0, and your item will be shipped within three business days."

It then goes on to urge recipients to click on hyperlinked text within the e-mail.

"The social engineering puts people on guard because they are getting a strange message from PayPal they weren't expecting," Schmugar said. "But it is interesting."

The tactic helps the worm evade virus detection programs. Since the virus-infecting e-mail contains no attachment or executable file, it isn't filtered out by most antivirus products. 

"It's unique because there's no malicious code in the actual e-mail,"  Friedrichs said.

Consumers are urged not to click on links that arrive in unexpected e-mails. 

© 2013 msnbc.com Reprints

Discuss:

Discussion comments

,

Most active discussions

  1. votes comments
  2. votes comments
  3. votes comments
  4. votes comments