
[Full-Disclosure] Attempt to steal paypal password



There seems to be a new faked email going around since this morning, with the
subject "PayPal User Agreement 9".
The email is in HTML form and contains a hyperlink named

https://www.paypal.com/cgi-bin/webscr?cmd=login-run 
But behind this hyperlink is not PayPal; it is:

http://www.paypal.com@64.191.16.16/.


So someone is trying to collect PayPal passwords. Using this password, an
attacker can send money from there. The whole action seems to be a spamming
attempt sent to random email addresses, because the recipient email address
Michael@smiley-power.de is not registered at PayPal.


According to an ARIN Whois IP search, 64.191.16.16 belongs to:


OrgName:    Network Operations Center Inc.
OrgID:      NOC
Address:    PO Box 591
City:       Scranton
StateProv:  PA
PostalCode: 18501-0591
Country:    US

The Email comes from 68.77.201.24.
(X-RBL-Warning: (dialup.bl.kundenserver.de) this mail has been received from
a dialup host.)


Email Header below. The Email Msg is attached to this email.

---------------------------------------------
Return-path: <support@paypal.com>
Envelope-to: michael@smiley-power.de
Delivery-date: Tue, 11 Nov 2003 02:46:25 +0100
Received: from [68.77.201.24]
(helo=adsl-68-77-201-24.dsl.milwwi.ameritech.net)
        by mxng14.kundenserver.de with smtp (Exim 3.35 #1)
        id 1AJNbg-0005Xc-00
        for michael@smiley-power.de; Tue, 11 Nov 2003 02:46:17 +0100
Received: from paypal.com (smtp2.sc5.paypal.com [64.4.244.75])
        by adsl-68-77-201-24.dsl.milwwi.ameritech.net (Postfix) with ESMTP
id D7A073BEBC
        for <michael@smiley-power.de>; Mon, 10 Nov 2003 19:46:12 -0600
From: Support <support@paypal.com>
To: Michael <michael@smiley-power.de>
Subject: PayPal User Agreement 9
Date: Mon, 10 Nov 2003 19:46:12 -0600
Message-ID: <110001c3a7f5$1fe9490f$e212810a@paypal.com>
MIME-Version: 1.0
Content-Type: text/html
Content-Transfer-Encoding: quoted-printable
X-Priority: 1 (Highest)
X-MSMail-Priority: High
X-Mailer: Microsoft Outlook, Build 10.0.2616
Importance: High
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
X-RBL-Warning: (dialup.bl.kundenserver.de) This mail has been received from
a dialup host.
-------------------------------------------------------
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD><TITLE>PayPal</TITLE>
<META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<STYLE type=text/css>
..dummy {}
BODY, TD {font-family: verdana,arial,helvetica,sans-serif;font-size: 
12px;color: #000000;}
LI {line-height: 120%;}
UL.ppsmallborder {margin:10px 5px 10px 20px;}
LI.ppsmallborderli {margin:0px 0px 5px 0px;}
UL.pp_narrow {margin:10px 5px 0px 40px;}
..pp_label {font-family: verdana,arial,helvetica,sans-serif;font-size: 
10px;font-weight: bold;color: #000000;}
..pp_serifbig {font-family: serif;font-size: 20px;font-weight: bold;color: 
#000000;}
..pp_serif{font-family: serif;font-size: 16px;color: #000000;}
..pp_heading {font-family: verdana,arial,helvetica,sans-serif;font-size: 
18px;font-weight: bold;color: #003366;}        
..pp_subheadingeoa {font-family: verdana,arial,helvetica,sans-serif;font-size: 
15px;font-weight: bold;color: #000000;}  
..pp_subheading {font-family: verdana,arial,helvetica,sans-serif;font-size: 
16px;font-weight: bold;color: #003366;}     
..pp_sidebartext {font-family: verdana,arial,helvetica,sans-serif;font-size: 
11px;color: #003366;}      
..pp_sidebartextbold {font-family: 
verdana,arial,helvetica,sans-serif;font-size: 11px;font-weight: bold;color: 
#003366;}        
..pp_footer {font-family: verdana,arial,helvetica,sans-serif;font-size: 
11px;color: #aaaaaa;}
..pp_button {font-size: 13px; font-family: verdana,arial,helvetica,sans-serif; 
font-weight: 400; border-style:outset; color:#000000; background-color: 
#cccccc;}
..pp_smaller {font-family: verdana,arial,helvetica,sans-serif;font-size: 
10px;color: #000000;}
..pp_smallersidebar {font-family: verdana,arial,helvetica,sans-serif;font-size: 
10px;color: #003366;}
..ppem106 {font-weight: 700;}
</STYLE>

<META content="MSHTML 6.00.2800.1264" name=GENERATOR></HEAD>
<BODY bgColor=#ffffff><B>Von:</B> Support 
[support@paypal.com]<BR><B>Gesendet:</B> Dienstag, 11. November 2003 
02:46<BR><B>An:</B> Michael<BR><B>Betreff:</B> PayPal User Agreement 
9<BR><BR><B>Wichtigkeit:</B> Hoch<BR>
<TABLE cellSpacing=0 cellPadding=0 width=600 align=center border=0>
  <TBODY>
  <TR vAlign=top>
    <TD><A href="https://www.paypal.com";><IMG height=35 alt=PayPal 
      src="http://images.paypal.com/images/email_logo.gif"; width=255 
      border=0></A> </TD></TR></TBODY></TABLE>
<TABLE cellSpacing=0 cellPadding=0 width="100%" border=0>
  <TBODY>
  <TR>
    <TD width="100%" 
      background=http://images.paypal.com/images/bg_clk.gif><IMG height=29 
      src="http://images.paypal.com/images/pixel.gif"; width=1 
border=0></TD></TR>
  <TR>
    <TD><IMG height=10 src="http://images.paypal.com/images/pixel.gif"; width=1 
      border=0></TD></TR></TBODY></TABLE>
<TABLE cellSpacing=0 cellPadding=0 width=600 align=center border=0>
  <TBODY>
  <TR vAlign=top>
    <TD width=400>
      <TABLE cellSpacing=0 cellPadding=5 width="100%" border=0>
        <TBODY>
        <TR vAlign=top>
          <TD>
            <TABLE cellSpacing=0 cellPadding=0 width="100%" border=0>
              <TBODY>
              <TR>
                <TD class=pp_heading align=left>User 
            Agreement</TD></TR></TBODY></TABLE></TD></TR>
        <TR>
          <TD>Dear PayPal User.<BR><BR>Due to concerns we have for the safety 
            and integrity of the PayPal<BR>community we have issued this 
            warning. 
            <P>Per the User Agreement, Section #9, we may immediately issue a 
            warning, temporarily suspend, indefinitely suspend or terminate 
your 
            membership<BR>and refuse to provide our services to you if we 
            believe that your actions<BR>may cause financial loss or legal 
            liability for you, our users or us. We may also<BR>take these 
            actions if we are unable to verify or authenticate 
            any<BR>information you provide to us!</P>
            <P>Please follow the link below: <BR><A 
            href="http://www.paypal.com@64.191.16.16";><FONT 
            
color=#0000cc>https://www.paypal.com/cgi-bin/webscr?cmd=login-run</FONT></A><FONT
 
            color=#0000cc> </FONT>and update your account information 
        now.</P></TD></TR>
        <TR>
          <TD>
            <TABLE cellSpacing=0 cellPadding=0 align=center bgColor=#ffffff 
            border=0>
              <TBODY>
              <TR>
                <TD><IMG height=5 
                  src="http://images.paypal.com/images/dot_row.gif"; 
              width=390></TD></TR></TBODY></TABLE></TD></TR>
        <TR>
          <TD class=pp_footer>Please note that this is not a complete list of 
            all our products and features. All products, features, and policies 
            are subject to change. Be sure to <A 
            href="http://www.paypal.com@64.191.16.16";>log in</A> to your PayPal 
            account on a regular basis to view the "Policy Updates" page which 
            can be found in the "What's New" box. </TD></TR>
        <TR>
          <TD>
            <TABLE cellSpacing=0 cellPadding=0 width="100%" border=0>
              <TBODY>
              <TR>
                <TD class=pp_footer>Please do not reply to this e-mail. Mail 
                  sent to this address cannot be answered. For assistance, <A 
                  href="http://www.paypal.com@64.191.16.16";>log in</A> to your 
                  PayPal account and choose the "Help" link in the footer of 
any 
                  page.<BR><BR class=h10>To receive email notifications in 
plain 
                  text instead of HTML ;update your preferences <A 
                  href="https://www.paypal.com/PREFS-NOTI";>here</A>. </TD></TR>
              <TR>
                <TD><IMG height=10 
                  src="http://images.paypal.com/images/pixel.gif"; width=1 
                  
border=0></TD></TR></TBODY></TABLE></TD></TR></TBODY></TABLE></TD>
    <TD><IMG height=1 src="images.paypal.com/images/pixel.gif" width=10 
      border=0></TD>
    <TD vAlign=top width=190>
      <TABLE cellSpacing=0 cellPadding=1 width="100%" bgColor=#cccccc 
        border=0><TBODY>
        <TR>
          <TD>
            <TABLE cellSpacing=0 cellPadding=0 width="100%" bgColor=#ffffff 
            border=0>
              <TBODY>
              <TR>
                <TD>
                  <TABLE cellSpacing=0 cellPadding=5 width="100%" 
                  bgColor=#eeeeee border=0>
                    <TBODY>
                    <TR>
                      <TD class=pp_sidebartextbold 
                    align=middle>News:</TD></TR></TBODY></TABLE>
                  <TABLE cellSpacing=0 cellPadding=5 width="100%" border=0>
                    <TBODY>
                    <TR>
                      <TD class=pp_sidebartext>
                        <TABLE cellSpacing=0 cellPadding=0 width="100%" 
border=0>
                          <TBODY>
                          <TR vAlign=top>
                            <TD align=middle>
                              <DIV align=center><A 
                              href="http://www.5stardeal.com/"; target=_new><IMG 
                              height=100 
                              
src="http://www.paypal.com/en_US/i/shops/xTyuJ.WP0JXHkABqeqJDeim1yjVoFuKuLyFI7w.gif";
 
                              width=150 
border=0></A></DIV></TD></TR></TBODY></TABLE>
                        <DIV align=center><IMG height=1 
                        src="PayPal - Shops_files/pixel.gif" width=1 0><BR><BR 
                        class=h10><IMG height=1 
                        src="PayPal - Shops_files/pixel.gif" width=1 0><BR><A 
                        
href="http://www.paypal.com/cgi-bin/webscr?cmd=p/acc/community-outside";><SPAN 
                        class=ppem106>Community Page</SPAN></A> 
                        <TABLE cellSpacing=0 cellPadding=5 width="100%" 
border=0>
                          <TBODY>
                          <TR vAlign=top>
                            <TD align=middle><A 
                              
href="http://www.paypal.com/cgi-bin/webscr?cmd=p/acc/community-outside";><IMG 
                              height=59 alt="" 
                              
src="http://www.paypal.com/images/icon_community_logo.gif"; 
                              width=86 align=middle border=0></A></TD></TR>
                          <TR vAlign=top>
                            <TD class=ppsmalltext>Learn about the PayPal 
                              Community</TD></TR></TBODY></TABLE><IMG height=5 
                        src="PayPal - Shops_files/pixel.gif" width=1><BR><SPAN 
                        class=ppem106>Fight Against Leukemia and 
Lymphoma</SPAN> 
                        </DIV>
                        <TABLE cellSpacing=0 cellPadding=5 width="100%" 
border=0>
                          <TBODY>
                          <TR vAlign=top>
                            <TD class=ppsmalltext><BR class=h6>
                              <TABLE cellSpacing=0 cellPadding=0 align=center 
                              border=0>
                                <TBODY>
                                <TR>
                                <TD align=middle>
                                <FORM 
                                action=https://www.paypal.com/cgi-bin/webscr 
                                method=post><INPUT type=hidden value=_xclick 
                                name=cmd> <INPUT type=hidden 
                                value=admin@leukemia-lymphoma.org 
name=business> 
                                <INPUT type=hidden value=1 name=no_note> <INPUT 
                                type=hidden value=USD name=currency_code> 
<INPUT 
                                type=hidden value=0 name=tax> <INPUT type=image 
                                alt="Make payments with PayPal - it's fast, 
free and secure!" 
                                
src="https://www.paypal.com/images/x-click-but04.gif"; 
                                border=0 name=submit> 
                              </FORM></TD></TR></TBODY></TABLE><BR 
                              class=h6>Click the button to make a donation to 
                              the Leukemia &amp; Lymphoma Society. 
                        
</TD></TR></TBODY></TABLE></TD></TR></TBODY></TABLE></TD></TR>
              <TR>
                <TD>
                  <TABLE cellSpacing=0 cellPadding=5 width="100%" 
                  bgColor=#eeeeee border=0>
                    <TBODY>
                    <TR>
                      <TD class=pp_sidebartextbold align=middle>Protect Your 
                        Password</TD></TR></TBODY></TABLE>
                  <TABLE cellSpacing=0 cellPadding=5 width="100%" border=0>
                    <TBODY>
                    <TR>
                      <TD class=pp_sidebartext>You should <SPAN 
                        class=ppem106>never</SPAN> give your PayPal password to 
                        anyone.<BR><IMG height=5 
                        src="http://%1%/images/pixel.gif"; width=1 
                    
border=0></TD></TR></TBODY></TABLE></TD></TR></TBODY></TABLE></TD></TR></TBODY></TABLE></TD></TR></TBODY></TABLE></BODY></HTML>