Security Basics mailing list archives
Re: Possible PayPal security problem
From: "zelyah zub" <zelyahzub () gmail com>
Date: Thu, 20 Dec 2007 10:12:51 +0000
On Dec 19, 2007 9:49 PM, Fabio Fagundes <fabio.fagundes () gmail com> wrote:
Hi all,

nslookup paypal.com :
66.211.168.65
66.211.168.97
66.211.168.193
66.211.168.209

Reverse resolution seems to be fine too... 1st & 2nd resolve to www.paypal.com and the 3rd & 4th to node-66-211-168-(193;209).networks.paypal.com.

That sounds like the most probable solution. I do not believe that PayPal, being a target for attacks many times in the past, would ever ask you to "verify your identity" by entering your credit card details.

There are many banking Trojans that try to insert themselves as Layered Service Providers, intercept the traffic and inject HTML into pages and then send sensitive data to the malware writers. Since you had the same behaviour with Firefox and IE it is not a usual BHO (browser helper object) attack.

I would suspect that the email is also fake (you should try looking at the raw source of the email and try to find the originator of the message, although that can be spoofed as well).

Finally, it is probably best to report this potential attack yourself. But before you do this I would download a bootable Linux distribution such as Knoppix and submit the query after booting from it, to make sure that the malware is not actively running in memory.

Oh, don't forget to use up-to-date anti-virus software, although that is not a guarantee that the malware will be detected and removed. Ultimately (and I hate saying this), back up all your data (and just data) and re-install the system from scratch.

Cheers,