Saturday, November 05, 2005

New PayPal Phishing Scam Mutation

My internet friend Paul Young (author of the blog prying1, which is a great read) sent me some information of value to anyone doing business with PayPal. PayPal, eBay and other auction-related sites are continuous targets for all sorts of internet fraud, particularly 419 (advance-fee) fraud and phishing.

Paul is pictured on the right.

Here is his post, which preceded most of the mainstream media reports on this:

"Websense Security Labs has received reports of a new attack that targets users of PayPal. The attack begins with a spoofed email phishing message that provides a link to download the executable "PayPal security tool" file.

The executable, named 'PayPal-2.5.200-MSWin32-x86-2005.exe', is a Trojan Horse which modifies the DNS server of the local workstation and then deletes itself. All future requests for '' will be transparently redirected to a phishing website. This same DNS server could also be used to redirect requests for additional websites, but it currently appears to only redirect ''.

The next time the user attempts to visit the PayPal website, they will instead arrive at a phishing site. The web address shown in the browser's toolbar will appear to be correct. Upon log in, the phishing site will request the user update their account. They are prompted to enter the following information: Name, Credit/ATM Card, Billing Address, Phone Number, Social Security Number, Mother's Maiden Name, Date of Birth, Driver's License, and Bank Account/Routing Numbers. The Trojan Horse is currently not detected by any anti-virus vendors. The malicious DNS server is hosted in Romania while the phishing server is hosted in India. Both were online at the time of this alert."
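The alert describes a hijack at the resolver level: the Trojan rewrites the workstation's DNS server setting, so the browser shows the right address while the answer it receives is the attacker's. The usual "check the URL" advice cannot catch that, but comparing what the configured resolver says against what a trusted resolver says can. The following is an added example, not code from this post, from Paul or from Websense. It builds a DNS A query on the wire format, parses the answer (including compressed names), and flags a lookup whose configured-resolver answer shares no address with a trusted resolver's answer. The lookup name paypal.com is my assumption (the domain in the quoted alert is not legible on the page), and every address below is constructed from RFC 5737 documentation ranges.

```python
"""Detect a DNS-level hijack of the kind the Websense alert describes.

Added example, not code from the original post, Paul Young, or Websense.
Assumptions: the lookup target 'paypal.com' is assumed; resolver answers
used offline are constructed from RFC 5737 documentation ranges.
"""
import ipaddress
import random
import socket
import struct


def build_query(name, txid):
    """Build a minimal DNS A query (one question, recursion desired)."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack(">HH", 1, 1)  # QTYPE=A, QCLASS=IN


def _read_name(msg, off):
    """Decode a possibly compressed name; return (name, offset after it)."""
    labels, end, seen = [], None, set()
    while True:
        if off in seen:  # guard against malicious pointer loops
            raise ValueError("compression pointer loop")
        seen.add(off)
        length = msg[off]
        if length & 0xC0 == 0xC0:  # compression pointer into the message
            pointer = struct.unpack(">H", msg[off:off + 2])[0] & 0x3FFF
            if end is None:
                end = off + 2
            off = pointer
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels), end if end is not None else off


def parse_a_records(resp, expected_txid):
    """Return the IPv4 answers from a DNS response after validating the header."""
    txid, flags, qdcount, ancount, _, _ = struct.unpack(">HHHHHH", resp[:12])
    if txid != expected_txid:
        raise ValueError("transaction id mismatch")
    if not flags & 0x8000:
        raise ValueError("not a response")
    if flags & 0x000F:
        raise ValueError("server returned RCODE %d" % (flags & 0xF))
    off = 12
    for _ in range(qdcount):
        _, off = _read_name(resp, off)
        off += 4  # skip QTYPE + QCLASS
    addrs = []
    for _ in range(ancount):
        _, off = _read_name(resp, off)
        rtype, rclass, _ttl, rdlen = struct.unpack(">HHIH", resp[off:off + 10])
        off += 10
        rdata = resp[off:off + rdlen]
        off += rdlen
        if rtype == 1 and rclass == 1 and rdlen == 4:  # A record, IN class
            addrs.append(str(ipaddress.IPv4Address(rdata)))
    return addrs


def build_response(query, addrs, ttl=60):
    """Construct a response to `query`; stands in for a resolver when offline."""
    txid = struct.unpack(">H", query[:2])[0]
    header = struct.pack(">HHHHHH", txid, 0x8180, 1, len(addrs), 0, 0)
    answers = b""
    for a in addrs:
        # owner name is a pointer (0xC00C) to the question name at offset 12
        answers += b"\xc0\x0c" + struct.pack(">HHIH", 1, 1, ttl, 4)
        answers += ipaddress.IPv4Address(a).packed
    return header + query[12:] + answers


def query_resolver(server, name, timeout=2.0):
    """Ask one specific resolver over UDP/53 (live use; not exercised offline)."""
    txid = random.randrange(0x10000)
    query = build_query(name, txid)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(query, (server, 53))
        resp, _ = sock.recvfrom(4096)
    return parse_a_records(resp, txid)


def hijack_suspected(configured_answers, trusted_answers):
    """True when the workstation's resolver and a trusted resolver disagree
    completely, which is what a silently rewritten DNS setting produces."""
    return not set(configured_answers) & set(trusted_answers)


def demo():
    """Offline walk-through with constructed resolver answers."""
    name, txid = "paypal.com", 0xBEEF
    query = build_query(name, txid)
    trusted = parse_a_records(build_response(query, ["192.0.2.10", "192.0.2.11"]), txid)
    rogue = parse_a_records(build_response(query, ["198.51.100.7"]), txid)
    return trusted, rogue, hijack_suspected(rogue, trusted)
```

For live use, `query_resolver(configured_server, "paypal.com")` and `query_resolver(trusted_server, "paypal.com")` replace the constructed responses in `demo()`. Two caveats a practitioner should keep in mind: sites behind geo-DNS or a CDN can legitimately hand different resolvers disjoint answers, so a mismatch is a tripwire to investigate rather than proof; and since the Trojan's actual change was to the configured DNS server address, the first check on a suspect workstation is simply whether that address is still the ISP's or the company's, before comparing any answers.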

People become victims daily via internet scams on auction sites and financial service sites. As the post from Paul states, "the DNS server and phishing server for this latest scam mutation are still active." This fact illustrates how vulnerable we all are with criminals operating in a "borderless" environment, and this particular scam is worse than most: because the compromise sits in the workstation's DNS settings, the address bar shows the genuine address while the page behind it belongs to the criminals, so the standard advice to check the URL offers no protection. In this "borderless environment," those with the swords are often unable to react quickly enough to solve the problem. This isn't their fault, as they are also forced to operate across borders, where red tape and politics hamper their efforts. Paul is using the other weapon, the one that can prevent someone from becoming victimized in the first place.

Paul's weapon of choice is the pen, which might currently be the most effective means of dealing with this worldwide problem. Awareness and communication can and will defeat most of these dastardly deeds.

I salute Paul and his efforts!

For the initial alert from Websense on this, click on the title of this post.


prying1 said...

Thanks Ted for the kind words. You could shrink the pic a touch. I don't have that big an ego.

I was caught by the first Phishing Letter I ever received. That is why I abhor them to the nth degree. - Thanks for your good work. I always appreciate your posts.

jayne d'Arcy said...

Thank you for the alert. I'm just a teeny user of PayPal, but it's always good to be reminded that one must be aware of what's going on.