Home page logo
/

basics logo Security Basics mailing list archives

Re: Possible PayPal security problem
From: "zelyah zub" <zelyahzub () gmail com>
Date: Thu, 20 Dec 2007 10:12:51 +0000

On Dec 19, 2007 9:49 PM, Fabio Fagundes <fabio.fagundes () gmail com> wrote:
Hi all,

nslookup paypal.com :
66.211.168.65
66.211.168.97
66.211.168.193
66.211.168.209

Reverse resolution seems to be  fine too... 1st & 2nd resolve to
www.paypal.com and the 3rd & 4th to
node-66-211-168-(193;209).networks.paypal.com.

That sounds like the most probable solution. I do not believe that
Paypal, being a target for attacks many times in the past, would ever
ask you to "verify your identity" by entering your credit card
details.

There are many banking Trojans that try to insert themselves as
Layered Service Providers, intercept the traffic and inject HTML into
pages and then send sensitive data to the malware writers. Since you
had the same behaviour with Firefox and IE it is not a usual BHO
(browser helper object) attack.

I would suspect that the email is also fake (you should try looking at
the raw source of the email and try to find the originator of the
message, although that can be spoofed as well).

Finally it is probably best to report this potential attack yourself.
But before you do this I would download a bootable Linux distribution
such as Knoppix and submit the query after booting from it, to make
sure that the malware is not actively running in memory.

Oh, don't forget to use up-to-date anti-virus software, although that
is not a guarantee that the malware will be detected and removed.
Ultimately (and I hate saying this), backup all your data (and just
data) and re-install the system from scratch.

Cheers,


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault