lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20031114014427.GA14793@www.complete-ideas.com>
From: rara at navigo.com (Rachael Treu)
Subject: Fwd: YOUR PAYPAL.COM ACCOUNT EXPIRES

Delete it or forward it to abuse@...oo.com.

Headers (at least on the copy I received) identify the man behind
the curtain as...

>From jcsjj5@...oo.com  Thu Nov 13 17:28:51 2003
Return-Path: <jcsjj5@...oo.com>
Received: from 81.249.20.142 (APuteaux-111-1-5-142.w81-249.abo.wanadoo.fr
+[81.249.20.142])

The attachment is a yet another trojan-du-jour set to snarf a host of 
information through lines including but not limited to the following 
buzzwords:

KERNEL32.DLL
ADVAPI32.DLL
CRTDLL.DLL
GDI32.DLL
iphlpapi.DLL
SHELL32.DLL
USER32.DLL
wsock32.dll
LoadLibraryA
GetProcAddress
ExitProcess
RegCloseKey
exit
GetStockObject
GetNetworkParams
ShellExecuteA
SetTimer
recv

(I'm lazy and am pasting only the end of strings output.)

Have fun.
--ra


-- 
K. Rachael Treu, CISSP     rara at navigo dot com
..Fata viam invenient..


On Thu, Nov 13, 2003 at 04:43:16PM -0800, Larry Hand said something to the effect of:
> Anyone else seeing this? It comes with an attachment Paypal.asp.scr. 
> Anyone know what it is? It sure looks suspicious.
> 
> 
> ----------  Forwarded Message  ----------
> 
> Subject: YOUR PAYPAL.COM ACCOUNT EXPIRES
> Date: Fri, 14 Nov 2003 03:29:00 -0500
> From: PayPal.com <donotreply@...pal.com>
> To: lhand@...la.ca.us
> 
> 
> Dear PayPal member,
> 
> PayPal would like to inform you about some important information regarding 
> your PayPal account. This account, which is associated with this email address 
> will be expiring within five business days.  We apologize for any inconvenience 
> that this may cause, but this is occurring because all of our customers are 
> required to update their account settings with their personal information.
> 
> We are taking these actions because we are implementing a new security 
> policy on our website to insure everyone's absolute privacy. To avoid any 
> 
> interruption in PayPal services then you will need to run the application that 
> we have sent with this email (see attachment) and follow the instructions. 
> Please do not send your personal information through email, as it will not be 
> as secure.
> 
> IMPORTANT! If you do not update your information with our secure application 
> within the next five business days then we will be forced to deactivate your 
> account and you will not be able to use your PayPal account any longer. It 
> is strongly recommended that you take a few minutes out of your busy day 
> and complete this now.
> 
> DO NOT REPLY TO THIS MESSAGE VIA EMAIL! This mail is sent by an 
> automated message system and the reply will not be received.
> 
> Thank you for using PayPal.
> 
> 
> -------------------------------------------------------
> 
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html



Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ