There has been reports of emails being
spammed targetting PayPal users. It provides a link to where the
user can download a Paypal Security Tool, wherein fact the file
does not at all give your system security as what it should have
offered. It changes the DNS server of the workstation. So, instead
of being redirected to the legitimate PayPal site, the user will
end up logging in a ‘phishing site’. But, it would be not
noticeable since the address bar will still show you ‘paypal.com’.
Screenshots of the legitimate PayPal site and the PayPal phising
site is provided below.
PAYPAL SITE:
PAYPAL PHISHING SITE:
The file will be detected as TROJ_DNSCHANGE.F. It may only be PayPal for now but in
the future, malware authors may use all other sites.
For more details, you may visit:
Websensesecuritylabs
ISC Sans
spammed targetting PayPal users. It provides a link to where the
user can download a Paypal Security Tool, wherein fact the file
does not at all give your system security as what it should have
offered. It changes the DNS server of the workstation. So, instead
of being redirected to the legitimate PayPal site, the user will
end up logging in a ‘phishing site’. But, it would be not
noticeable since the address bar will still show you ‘paypal.com’.
Screenshots of the legitimate PayPal site and the PayPal phising
site is provided below.
PAYPAL SITE:
PAYPAL PHISHING SITE:
The file will be detected as TROJ_DNSCHANGE.F. It may only be PayPal for now but in
the future, malware authors may use all other sites.
For more details, you may visit:
Websensesecuritylabs
ISC Sans
