Re: Fwd: YOUR PAYPAL.COM ACCOUNT EXPIRES

[Rachael Treu <rara () navigo com>]

Delete it or forward it to abuse () yahoo com.

Headers (at least on the copy I received) identify the man behind
the curtain as...

> From jcsjj5 () yahoo com  Thu Nov 13 17:28:51 2003
Return-Path: <jcsjj5 () yahoo com>
Received: from 81.249.20.142 (APuteaux-111-1-5-142.w81-249.abo.wanadoo.fr
+[81.249.20.142])

The attachment is a yet another trojan-du-jour set to snarf a host of 
information through lines including but not limited to the following 
buzzwords:

KERNEL32.DLL
ADVAPI32.DLL
CRTDLL.DLL
GDI32.DLL
iphlpapi.DLL
SHELL32.DLL
USER32.DLL
wsock32.dll
LoadLibraryA
GetProcAddress
ExitProcess
RegCloseKey
exit
GetStockObject
GetNetworkParams
ShellExecuteA
SetTimer
recv

(I'm lazy and am pasting only the end of strings output.)

Have fun.
--ra


-- 
K. Rachael Treu, CISSP     rara at navigo dot com
..Fata viam invenient..


On Thu, Nov 13, 2003 at 04:43:16PM -0800, Larry Hand said something to the effect of:
> Anyone else seeing this? It comes with an attachment Paypal.asp.scr. 
> Anyone know what it is? It sure looks suspicious.
>
>
> ----------  Forwarded Message  ----------
>
> Subject: YOUR PAYPAL.COM ACCOUNT EXPIRES
> Date: Fri, 14 Nov 2003 03:29:00 -0500
> From: PayPal.com <donotreply () paypal com>
> To: lhand () co la ca us
>
>
> Dear PayPal member,
>
> PayPal would like to inform you about some important information regarding 
> your PayPal account. This account, which is associated with this email address 
> will be expiring within five business days.  We apologize for any inconvenience 
> that this may cause, but this is occurring because all of our customers are 
> required to update their account settings with their personal information.
>
> We are taking these actions because we are implementing a new security 
> policy on our website to insure everyone's absolute privacy. To avoid any 
>
> interruption in PayPal services then you will need to run the application that 
> we have sent with this email (see attachment) and follow the instructions. 
> Please do not send your personal information through email, as it will not be 
> as secure.
>
> IMPORTANT! If you do not update your information with our secure application 
> within the next five business days then we will be forced to deactivate your 
> account and you will not be able to use your PayPal account any longer. It 
> is strongly recommended that you take a few minutes out of your busy day 
> and complete this now.
>
> DO NOT REPLY TO THIS MESSAGE VIA EMAIL! This mail is sent by an 
> automated message system and the reply will not be received.
>
> Thank you for using PayPal.
>
>
> -------------------------------------------------------
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html