From: rara at navigo.com (Rachael Treu)
Subject: Fwd: YOUR PAYPAL.COM ACCOUNT EXPIRES

Delete it or forward it to abuse@...oo.com.

Headers (at least on the copy I received) identify the man behind
the curtain as...

>From jcsjj5@...oo.com  Thu Nov 13 17:28:51 2003
Return-Path: <jcsjj5@...oo.com>
Received: from 81.249.20.142 (APuteaux-111-1-5-142.w81-249.abo.wanadoo.fr
+[81.249.20.142])

The attachment is yet another trojan-du-jour set to snarf a host of 
information through lines including but not limited to the following 
buzzwords:

KERNEL32.DLL
ADVAPI32.DLL
CRTDLL.DLL
GDI32.DLL
iphlpapi.DLL
SHELL32.DLL
USER32.DLL
wsock32.dll
LoadLibraryA
GetProcAddress
ExitProcess
RegCloseKey
exit
GetStockObject
GetNetworkParams
ShellExecuteA
SetTimer
recv

(I'm lazy and am pasting only the end of strings output.)

Have fun.
--ra


-- 
K. Rachael Treu, CISSP     rara at navigo dot com
..Fata viam invenient..


On Thu, Nov 13, 2003 at 04:43:16PM -0800, Larry Hand said something to the effect of:
> Anyone else seeing this? It comes with an attachment Paypal.asp.scr. 
> Anyone know what it is? It sure looks suspicious.
> 
> 
> ----------  Forwarded Message  ----------
> 
> Subject: YOUR PAYPAL.COM ACCOUNT EXPIRES
> Date: Fri, 14 Nov 2003 03:29:00 -0500
> From: PayPal.com <donotreply@...pal.com>
> To: lhand@...la.ca.us
> 
> 
> Dear PayPal member,
> 
> PayPal would like to inform you about some important information regarding 
> your PayPal account. This account, which is associated with this email address 
> will be expiring within five business days.  We apologize for any inconvenience 
> that this may cause, but this is occurring because all of our customers are 
> required to update their account settings with their personal information.
> 
> We are taking these actions because we are implementing a new security 
> policy on our website to insure everyone's absolute privacy. To avoid any 
> interruption in PayPal services then you will need to run the application that 
> we have sent with this email (see attachment) and follow the instructions. 
> Please do not send your personal information through email, as it will not be 
> as secure.
> 
> IMPORTANT! If you do not update your information with our secure application 
> within the next five business days then we will be forced to deactivate your 
> account and you will not be able to use your PayPal account any longer. It 
> is strongly recommended that you take a few minutes out of your busy day 
> and complete this now.
> 
> DO NOT REPLY TO THIS MESSAGE VIA EMAIL! This mail is sent by an 
> automated message system and the reply will not be received.
> 
> Thank you for using PayPal.
> 
> 
> -------------------------------------------------------
> 
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html


