Phishing: Update your PayPal account Information
Posted by admin on Monday, January 16th, 2012 | 6,955 views
We have detected new phishing emails with subject “Update your PayPal account Information” that contain fake PayPal link that redirects to a phishing page used to steal PayPal account details of users that type their credentials.
Email header:
Subject: Update your PayPal account Information Date: Mon, 16 Jan 2012 00:43:26 +0100 Received: from WIN-QJ6LOAE77N1 (unknown [109.169.70.227]) |
The malicious link is:
hxxp://technologyprojects. org/wp-rss.php |
That redirects to:
HTTP/1.1 302 Moved Temporarily Date: Mon, 16 Jan 2012 01:08:28 GMT Server: Apache X-Powered-By: PHP/5.2.14 Location: hxxp://paypal.com-us.cgi-bin-webscr-cmd.login-submit-dispatch.74fghghs68g484iky4mn86we8r46d4h38df4b83m48hg3ui4ty84s83f4xcb78.norenterprises .com/us/webser/us Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html |
Note the long subdomain name that begins with “paypal.com”:
paypal.com-us.cgi-bin-webscr-cmd.login-submit-dispatch.74fghghs68g484iky4mn86we8r46d4h38df4b83m48hg3ui4ty84s83f4xcb78.norenterprises. com |
The ip address of the malicious domain is:
67.220.209.21 / server23.verygoodserver.com |
Leave a Reply