Thursday, November 03, 2005

New PayPal Trojan Horse

Found this bit of info on WebsenseSecurityLabs.com -


Quote - Websense Security Labs has received reports of a new attack that targets users of PayPal. The attack begins with a spoofed email phishing message that provides a link to download the executable "PayPal security tool" file. The executable, named 'PayPal-2.5.200-MSWin32-x86-2005.exe', is a Trojan Horse which modifies the DNS server of the local workstation and then deletes itself. All future requests for 'paypal.com' will be transparently redirected to a phishing website. This same DNS server could also be used to redirect requests for additional websites, but it currently appears to only redirect 'paypal.com'.

The next time the user attempts to visit the PayPal website, they will instead arrive at a phishing site. The web address shown in the browser's toolbar will appear to be correct. Upon log in, the phishing site will request the user update their account. They are prompted to enter the following information: Name, Credit/ATM Card, Billing Address, Phone Number, Social Security Number, Mother's Maiden Name, Date of Birth, Driver's License, and Bank Account/Routing Numbers.

The Trojan Horse is currently not detected by any anti-virus vendors. The malicious DNS server is hosted in Romania while the phishing server is hosted in India. Both were online at the time of this alert.



prying1 sez:
Please pass this info on to anyone you know that utilizes PayPal. Post it to bulletin boards too!
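
An added example, not part of the quoted alert or the original post: a Python check for the symptom the alert describes, a changed DNS server on the workstation. It parses `ipconfig /all` text and reports resolvers outside an expected set; the sample output, the addresses (documentation ranges) and the `EXPECTED` set are constructed assumptions.

```python
import ipaddress
import re

# Constructed sample of `ipconfig /all` output (documentation-range addresses).
SAMPLE = """\
Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : example.lan
   DNS Servers . . . . . . . . . . . : 192.0.2.1
                                       203.0.113.66
   NetBIOS over Tcpip. . . . . . . . : Enabled

Wireless LAN adapter Wi-Fi:

   Media State . . . . . . . . . . . : Media disconnected
"""

# Assumption: the resolvers this network is supposed to use; replace with your own.
EXPECTED = {"192.0.2.1", "192.0.2.2"}

ADAPTER = re.compile(r"^(\S.*adapter .+):\s*$")
DNS_LABEL = re.compile(r"^\s+DNS Servers[ .]*:\s*(\S+)")
CONTINUATION = re.compile(r"^\s+([0-9A-Fa-f:.%]+)\s*$")

def dns_servers(text):
    """Return {adapter name: [resolver, ...]} parsed from ipconfig /all text."""
    result, adapter, in_dns = {}, None, False
    for line in text.splitlines():
        m = ADAPTER.match(line)
        if m:
            adapter, in_dns = m.group(1), False
            result[adapter] = []
            continue
        if adapter is None:
            continue
        m = DNS_LABEL.match(line)
        if m is None and in_dns:
            m = CONTINUATION.match(line)  # extra resolvers sit on their own lines
        in_dns = m is not None
        if m:
            result[adapter].append(m.group(1))
    return result

def unexpected(text, expected):
    """List (adapter, resolver) pairs whose resolver is not in the expected set."""
    allowed = {ipaddress.ip_address(a) for a in expected}
    return [(adapter, s)
            for adapter, servers in dns_servers(text).items() for s in servers
            if ipaddress.ip_address(s.split("%")[0]) not in allowed]
```

On a live Windows host, pass the captured output of `ipconfig /all` to `unexpected()` in place of `SAMPLE`.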

How Stupid Are They?

Got a spoof PayPal email today. - 3Nov05 -


We are contacting you to remind you that: on 30 November 2005 our Account Review Team identified some unusual activity in your account, one or more attempts to log in to your PayPal account from a foreign IP address.



It then gives a chart showing times and dates some supposed hackers from Poland and Romania attempted to hack into my account. Had this been a real email from PayPal I would have thought, "Great! My password works! So why change it?"

Now even I know that many people will not read the entire text, but when a spoof comes dated nearly a month ahead of time I think even the biggest blockhead will say, "Hey! Wait a minute..."

Needless to say my reaction to this con was the same as always. Forward the email to spoof@paypal.com and scams@fraudwatchinternational.com - Go to PhishFighting.com and submit the phony website into the little box.

I have to wonder if there is anyone left in this world that does not know about spoofing and phishing scams. I guess there is because these con artists spend a lot of time and trouble to put these emails out. There must be a return or they would not waste their time.

prying1 sez: Be careful out there. Gobs of predators are on the Internet. Remind your friends, neighbors and acquaintances to watch their steps too.