Phishing: Update your PayPal account Information

We have detected new phishing emails with the subject “Update your PayPal account Information”. They contain a fake PayPal link that redirects to a phishing page, which is used to steal the PayPal account details of users who type in their credentials.

Email header:

Subject: Update your PayPal account Information
Date: Mon, 16 Jan 2012 00:43:26 +0100
Received: from WIN-QJ6LOAE77N1 (unknown [109.169.70.227])

The malicious link is:

hxxp://technologyprojects. org/wp-rss.php

It redirects to:

HTTP/1.1 302 Moved Temporarily
Date: Mon, 16 Jan 2012 01:08:28 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Location: hxxp://paypal.com-us.cgi-bin-webscr-cmd.login-submit-dispatch.74fghghs68g484iky4mn86we8r46d4h38df4b83m48hg3ui4ty84s83f4xcb78.norenterprises .com/us/webser/us
Content-Length: 0
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html

Note the long hostname: its subdomain labels begin with “paypal.com”, while the registered domain is norenterprises .com:

paypal.com-us.cgi-bin-webscr-cmd.login-submit-dispatch.74fghghs68g484iky4mn86we8r46d4h38df4b83m48hg3ui4ty84s83f4xcb78.norenterprises. com
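
A check that catches this kind of hostname, as an added example that is not part of the original post: it compares the registrable domain with the brand shown at the left of the hostname. The brand list, the label-length threshold and the last-two-labels rule are assumptions of this example; production code should use the Public Suffix List.

```python
from urllib.parse import urlsplit

BRANDS = {"paypal.com"}   # brand domains to protect (assumption for this example)
MAX_LABEL = 40            # label-length threshold, an arbitrary choice for this example

# Redirect target from the post, kept defanged exactly as published.
SAMPLE = ("hxxp://paypal.com-us.cgi-bin-webscr-cmd.login-submit-dispatch."
          "74fghghs68g484iky4mn86we8r46d4h38df4b83m48hg3ui4ty84s83f4xcb78"
          ".norenterprises .com/us/webser/us")


def refang(url):
    """Undo common defanging (hxxp, [.], stray spaces) so the URL parses."""
    url = url.strip().replace(" ", "").replace("[.]", ".")
    if url.lower().startswith("hxxp"):
        url = "http" + url[4:]
    return url if "://" in url else "http://" + url


def registrable_domain(host):
    """Naive: the last two labels. Real code should consult the Public Suffix List."""
    return ".".join(host.split(".")[-2:])


def check_url(url):
    """Return the hostname, its registrable domain and any lookalike findings."""
    host = (urlsplit(refang(url)).hostname or "").rstrip(".")
    reg = registrable_domain(host)
    findings = []
    for brand in sorted(BRANDS):
        name = brand.split(".")[0]
        if reg == brand:
            continue  # really hosted under the brand's own domain
        if host.startswith(brand):
            findings.append(f"starts with '{brand}' but is registered under '{reg}'")
        elif name in host:
            findings.append(f"mentions '{name}' but is registered under '{reg}'")
    if any(len(label) > MAX_LABEL for label in host.split(".")):
        findings.append(f"contains a label longer than {MAX_LABEL} characters")
    return {"host": host, "registrable_domain": reg, "findings": findings}


if __name__ == "__main__":
    for u in (SAMPLE, "https://www.paypal.com/signin"):
        result = check_url(u)
        print(result["registrable_domain"], result["findings"] or "no findings")
```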

The IP address of the malicious domain is:

67.220.209.21 / server23.verygoodserver.com
