Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » Romanian phishing attack hits PayPal

Romanian phishing attack hits PayPal

by Nikola Strahija on November 6th, 2005 PayPal has been hit by a new phishing attack, which redirects users to a fake site in an attempt to collect login details. The problem was first reported by Websense Security Labs.


The attack begins with a spoofed email message that provides a link to download the executable 'PayPal security tool' file. The file named 'PayPal-2.5.200-MSWin32-x86-2005.exe', is in fact a Trojan which modifies the DNS server of the local workstation and then deletes itself. All future requests are then transparently redirected to a bogus website.

The next time the user attempts to visit the PayPal website, they will instead arrive at a phishing site even though the web address shown in the browser's toolbar will appear to be correct. When the user logs in, the phishing site requests that they update their account. They are prompted to enter the following information: Name, Credit/ATM Card, Billing Address, Phone Number, Social Security Number, Mother's Maiden Name, Date of Birth, Driver's License, and Bank Account/Routing Numbers.

The malicious DNS server is hosted in Romania, while the phishing server is hosted in India.


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »