Phishing attack hits PayPal subscribers

by admin November 4, 2005 at 10:56 am

Romanian website attempts to steal password data

A new phishing attack is targeting PayPal users, redirecting them to a fake site in an attempt to collect password details.

Websense Security Labs has reported the attack, which begins with a spoofed email message containing a link to download an executable file presented as a ‘PayPal security tool’.

The executable, named ‘PayPal-2.5.200-MSWin32-x86-2005.exe’, is a Trojan horse that changes the DNS server configured on the local workstation and then deletes itself. All future requests are then transparently redirected to a bogus website.

This same DNS server could also be used to redirect requests for additional websites, but currently appears to redirect only PayPal subscribers.
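Because the executable deletes itself, the changed DNS server setting is what remains on the workstation to check. As an added example (not from Websense or the original article), this Python code parses `ipconfig /all` text and reports any configured DNS server outside an approved list; the sample output, the addresses and the function names are constructed assumptions.

```python
import ipaddress
import re

# Constructed sample of `ipconfig /all` output (not taken from the article).
SAMPLE_IPCONFIG = """\
Windows IP Configuration

Ethernet adapter Local Area Connection:

   IP Address. . . . . . . . . . . . : 192.168.1.20
   DNS Servers . . . . . . . . . . . : 203.0.113.53
                                       192.168.1.1

Ethernet adapter Wireless Network Connection:

   DNS Servers . . . . . . . . . . . : 192.168.1.1
"""

# Assumption: the resolvers this network legitimately hands out.
APPROVED_RESOLVERS = {"192.168.1.1", "192.168.1.2"}
DNS_LINE = re.compile(r"^\s+DNS Servers[ .]*:\s*(\S+)\s*$")


def parse_dns_servers(text):
    """Return {adapter name: [DNS server, ...]} from ipconfig /all text."""
    adapters, current, in_dns = {}, None, False
    for line in text.splitlines():
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            current, in_dns = line.rstrip()[:-1], False
            adapters[current] = []
            continue
        match = DNS_LINE.match(line)
        if match and current is not None:
            adapters[current].append(match.group(1))
            in_dns = True
        elif in_dns and line.strip() and " : " not in line:
            adapters[current].append(line.strip())  # continuation line
        else:
            in_dns = False
    return adapters


def unapproved_resolvers(text, approved):
    """List (adapter, server) pairs whose resolver is not on the allowlist."""
    allowed = {ipaddress.ip_address(a) for a in approved}
    return [(name, srv) for name, servers in parse_dns_servers(text).items()
            for srv in servers if ipaddress.ip_address(srv) not in allowed]
```

Run against saved `ipconfig /all` output from each workstation, any pair returned by `unapproved_resolvers` marks an adapter whose DNS setting should be restored and investigated.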

