
Re: [Full-Disclosure] Fwd: YOUR PAYPAL.COM ACCOUNT EXPIRES



Delete it or forward it to abuse@yahoo.com.

Headers (at least on the copy I received) identify the man behind
the curtain as...

From jcsjj5@yahoo.com  Thu Nov 13 17:28:51 2003
Return-Path: <jcsjj5@yahoo.com>
Received: from 81.249.20.142 (APuteaux-111-1-5-142.w81-249.abo.wanadoo.fr
+[81.249.20.142])

The attachment is yet another trojan-du-jour set to snarf a host of 
information through lines including but not limited to the following 
buzzwords:

KERNEL32.DLL
ADVAPI32.DLL
CRTDLL.DLL
GDI32.DLL
iphlpapi.DLL
SHELL32.DLL
USER32.DLL
wsock32.dll
LoadLibraryA
GetProcAddress
ExitProcess
RegCloseKey
exit
GetStockObject
GetNetworkParams
ShellExecuteA
SetTimer
recv

(I'm lazy and am pasting only the end of strings output.)

Have fun.
--ra


-- 
K. Rachael Treu, CISSP     rara at navigo dot com
..Fata viam invenient..


On Thu, Nov 13, 2003 at 04:43:16PM -0800, Larry Hand said something to the 
effect of:
> Anyone else seeing this? It comes with an attachment Paypal.asp.scr. 
> Anyone know what it is? It sure looks suspicious.
> 
> 
> ----------  Forwarded Message  ----------
> 
> Subject: YOUR PAYPAL.COM ACCOUNT EXPIRES
> Date: Fri, 14 Nov 2003 03:29:00 -0500
> From: PayPal.com <donotreply@paypal.com>
> To: lhand@co.la.ca.us
> 
> 
> Dear PayPal member,
> 
> PayPal would like to inform you about some important information regarding 
> your PayPal account. This account, which is associated with this email 
> address will be expiring within five business days.  We apologize for any 
> inconvenience that this may cause, but this is occurring because all of our 
> customers are required to update their account settings with their personal 
> information.
> 
> We are taking these actions because we are implementing a new security 
> policy on our website to insure everyone's absolute privacy. To avoid any 
> interruption in PayPal services then you will need to run the application 
> that we have sent with this email (see attachment) and follow the 
> instructions. Please do not send your personal information through email, 
> as it will not be as secure.
> 
> IMPORTANT! If you do not update your information with our secure application 
> within the next five business days then we will be forced to deactivate your 
> account and you will not be able to use your PayPal account any longer. It 
> is strongly recommended that you take a few minutes out of your busy day 
> and complete this now.
> 
> DO NOT REPLY TO THIS MESSAGE VIA EMAIL! This mail is sent by an 
> automated message system and the reply will not be received.
> 
> Thank you for using PayPal.
> 
> 
> -------------------------------------------------------
> 
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
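
Added example, not part of either poster's message: a mail-triage sketch that flags the two tells discussed in this thread, a From domain that differs from the Return-Path domain and an attachment whose real extension hides behind a decoy one (Paypal.asp.scr). The function names and the extension list are illustrative assumptions; the header values in the constructed sample are the ones quoted above, while the body and attachment bytes are placeholders.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import parseaddr

# File types Windows executes directly; a .scr screen saver is an ordinary PE file.
EXECUTABLE_EXTS = {"scr", "exe", "pif", "com", "bat", "cmd", "vbs", "js"}

def domain_of(header_value):
    """Lower-cased domain of an address header, or '' when the header is absent."""
    return parseaddr(str(header_value or ""))[1].rpartition("@")[2].lower()

def triage(raw_message):
    """Return (finding, detail) tuples for one raw RFC 5322 message."""
    msg = message_from_string(raw_message, policy=policy.default)
    findings = []
    from_dom, env_dom = domain_of(msg["From"]), domain_of(msg["Return-Path"])
    if from_dom and env_dom and from_dom != env_dom:
        findings.append(("sender-mismatch", f"From={from_dom} Return-Path={env_dom}"))
    # Bracketed address in the topmost Received header. It is trustworthy only
    # when that header was added by a mail server you control.
    received = msg.get_all("Received") or []
    match = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", str(received[0])) if received else None
    if match:
        findings.append(("relay-ip", match.group(1)))
    for part in msg.iter_attachments():
        pieces = (part.get_filename() or "").lower().split(".")
        if len(pieces) >= 2 and pieces[-1] in EXECUTABLE_EXTS:
            # Three or more pieces means a decoy extension sits before the real one.
            kind = "double-extension" if len(pieces) >= 3 else "executable"
            findings.append((kind, ".".join(pieces)))
    return findings

def constructed_sample():
    """Constructed message: header values are those quoted in the thread,
    the body and attachment bytes are placeholders."""
    m = EmailMessage()
    m["Return-Path"] = "<jcsjj5@yahoo.com>"
    m["Received"] = ("from 81.249.20.142 "
                     "(APuteaux-111-1-5-142.w81-249.abo.wanadoo.fr [81.249.20.142])")
    m["From"] = "PayPal.com <donotreply@paypal.com>"
    m["Subject"] = "YOUR PAYPAL.COM ACCOUNT EXPIRES"
    m.set_content("placeholder body")
    m.add_attachment(b"placeholder bytes", maintype="application",
                     subtype="octet-stream", filename="Paypal.asp.scr")
    return m.as_string()

if __name__ == "__main__":
    for finding in triage(constructed_sample()):
        print(finding)
```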

