The worms have been turning and then some for PayPal users – the popular Internet payment system's users have been attacked by a very sophisticated round of e-mail worms that turn a clever twist: they hit them through links to legitimate PayPal sites, rather than mirror-image websites.
PayPal is often the payment method of choice for hundreds of adult websites.
The new e-mail worms require a user launching an attached executable or visual basic script file, which installs a program that "surreptitiously intercept(s) and log(s) keystrokes on a user's computer" to steal passwords and other private information, Wired has reported.
Unfortunately for the worm generators, their clever little idea contained one rather embarrassing flaw that may help make it easier to catch and stop them – terrible spelling and grammar.
Wired reported Friday that the most recent such mailing, dated February 10, had a few spelling errors: "PayPal has just finish our lastest breakthrough in customer server. The PayPal Account Manager. With this program, you can now have LIVE 24/7 support with aPayPal Tech Support Operator. We hope this increases your PayPal experience."
Most such worm attacks – like a January 30 attack called "PayPal Security Update" – are written with great care to spelling and grammar, the better to escape fast detection as what they really are.
Symantec Security Response spent two days analyzing the file but haven't yet decrypted information about where the worm's logged data goes, Wired added.
For a related story, click here.
Charles Farrar
