Even though the Mimail virus didn’t achieve the threat level or the media coverage that itsmalicious code cohorts, Sobig and Blaster, did a few months ago, it has become thefourth most damaging virus of all times.
The worldwide economic damage caused by the Mimail family has surpassed $9 billion, whenfactoring in business interruptions and productivity losses, according to London-based mi2g,a digital risk management company. Mimail now is only preceeded by Sobig, Klez and Yaha. TheSwen virus has been bumped to fifth place.
”Five years ago, hackers and virus writers carried out most of the attacks to demonstrateintellectual prowess,” says D.K. Matai, executive chairman of mi2g. ”The metamorphosis inmotives has definitely been towards financial fraud and extortion activity.”
Mimail-I and Mimail-J are viruses aimed at carrying out a ”phishing” scam. Both try toinduce users of PayPal, owned by eBay, to enter their credit card information into a pop-upwindow. The victim has to click on an attached program to activate the virus and Mimail-Jalso asks for a Social Security number and mother’s maiden name, two key pieces of dataessential for identity theft.
Mimail-J is the 10th variant of the virus that first appeared in August.
The Mimail virus hit the wild in August, which has been designated as the worst month inhistory for digital attacks. Sobig-F and the Blaster worms created great turmoil in theon-line world.
In August, viruses, along with overt and covert hacker attacks, caused $32.8 billion ineconomic damages, according to another report from mi2g, The Sobig virus alone accounted for$29.7 billion of economic damages worldwide.
Sobig has held onto its top position on the infamous list, causing an estimated $36.1billion in damages. Klez, holding the second ranking, has accounted for $18.9 billion indamages, and Yaha has taken third place with $11.1 billion worth of damages.
The recent Mimail viruses are a refined version of an online scam known as ”phishing” in which malevolents send emails that appear to come from a major bank or company. The criminals’ email directs the user to divulge personal identity information. In most cases of similar banking scams, victims have been directed to enter their data into a look-alike Web site. Mimail’s use of an executable program that collects and sends the data back to the attacker makes it difficult for victim companies to stop the scam swiftly by calling on internet service providers (ISPs) to shut down a particular web site.