181/14). PayPal - HTML.Phishing.Bank-573

This email targets customers of PayPal.

Message Details

Malware Name:	HTML.Phishing.Bank-573
Origin:	Hungary
Date first seen:	10/08/2006 02:10:45
From:	paypal.com <security@paypal.com>
Subject:	security update

Attacker's URLs

The following table shows the details of the URLs used by the attacker. These could either be the fake website of the attack, or a site which redirects to the attackers fake site. Sometimes the attacker will use an additional site for hosting resources such as images.

The table shows the current status of the site: if it is still reachable (), or if it has been shut down (). If the site has not been confirmed as a phishing site it is shown with the symbol . The time when the site was first observed is shown, together with the time that the site was shut down, if applicable. Do not visit the attackers site as it may contain malware. You can get more details on the site by clicking on the symbol.

Status	First observed	Shut Down	Internet Address	URL
				http://www.wszystko.tivi.net.pl/Update_PayPal/Update-Information-PayPal/paypal-2006brhrhbgghdfgdfgjhfgjdgfhdgbfyhbsdfvsdgfsdvgfsdhvfhsdgqsdvqsgdhvfsdghfsdgfvsdgfsdvsdgvfgsdhvfsdghvfsdgfdsvgfhsdvfgsdhfvsdh/
	10/08/2006 00:32:11	05/09/2006 21:48:06	212.217.0.30	http://perso.menara.ma/rastapop14/logo.gif
	10/08/2006 00:32:11	05/09/2006 21:50:41	212.217.0.30	http://perso.menara.ma/rastapop14/bg.gif
	10/08/2006 00:32:11	05/09/2006 21:48:06	212.217.0.30	http://perso.menara.ma/rastapop14/xl.gif

Message Text

The text below shows the message content, rendered in a safe way. It does not show images or HTML formatting, but the text is the same as that contained in the phishing email. Each clickable link is shown as a reference. You can see the way the URL is presented in the main body of the text, while the actual URL activated by the link is shown below the main body.

                                  [1]logo 

                         Protect Your Account Info
    The Security Department is constantly working to ensure security by
  regularly screening the accounts in our system. We recently reviewed your
  account, and we need more information to help us provide you with secure
                                  service.
   Until we can collect this information, your access to sensitive account
  features will be limited. We would like to restore your access as soon as
            possible, and we apologize for the inconvenience. .
  We thank you for your prompt attention to this matter. Please understand
   that ,this is a security measure intended to help protect you and your
                account. We apologize for any inconvenience

                           Protect Your Password
   You should never give your PayPal password to anyone, including PayPal
                                 employees.

                          Update Your Information
     _________________________________________________________________

As part of our security measures, we regularly screen activity in the PayPal
system. We recently contacted you after noticing an issue on your account.We
          requested information from you for the following reason:
 A recent review of your account determined that we require some additional
     information from you in order to provide you with secure service.
  Once you log in, you will be provided with steps to restore your account
access. We appreciate your understanding as we work to ensure account safety

         To update your PayPal records click on the following link:

                        [2]http://www.paypal.com/us/

   This new security statement will helps us continue to offer PayPal as a
  secure and cost-effective payment service. We appreciate your cooperation
                              and assistance.

                                 Sincerely,
                              The PayPal Team
     _________________________________________________________________

  Please do not reply to this email. This mailbox is not monitored and you
   will not receive a response. For assistance, [3]log in to your PayPal
   account and choose the Help link located in the top right corner of any
                                PayPal page.
                           PayPal Email ID PP295

             Copyright © 1999-2006 PayPal. All rights reserved.
               Information about FDIC pass-through insurance

References

   1. http://www.wszystko.tivi.net.pl/Update_PayPal/Update-Information-PayPal/paypal-2006brhrhbgghdfgdfgjhfgjdgfhdgbfyhbsdfvsdgfsdvgfsdhvfhsdgqsdvqsgdhvfsdghfsdgfvsdgfsdvsdgvfgsdhvfsdghvfsdgfdsvgfhsdvfgsdhfvsdh/
   2. http://www.wszystko.tivi.net.pl/Update_PayPal/Update-Information-PayPal/paypal-2006brhrhbgghdfgdfgjhfgjdgfhdgbfyhbsdfvsdgfsdvgfsdhvfhsdgqsdvqsgdhvfsdghfsdgfvsdgfsdvsdgvfgsdhvfsdghvfsdgfdsvgfhsdvfgsdhfvsdh/
   3. http://www.wszystko.tivi.net.pl/Update_PayPal/Update-Information-PayPal/paypal-2006brhrhbgghdfgdfgjhfgjdgfhdgbfyhbsdfvsdgfsdvgfsdhvfhsdgqsdvqsgdhvfsdghfsdgfvsdgfsdvsdgvfgsdhvfsdghvfsdgfdsvgfhsdvfgsdhfvsdh/