199). PayPal - HTML.Phishing.Bank-28
This email targets customers of PayPal.
Message Details
| Malware Name: | HTML.Phishing.Bank-28 |
| Origin: |  United States |
| Date first seen: | 17/07/2006 15:30:08 |
| Number seen: | 160 |
| Date last seen: | 21/03/2007 05:00:29 |
| From: | "service@paypal.com" <service@paypal.com> |
| Subject: | Important Notification |
Attacker's URLs
The following table shows the details of the URLs used by the attacker. These could either be the fake website of the attack, or a site which redirects to the attackers fake site. Sometimes the attacker will use an additional site for hosting resources such as images.
The table shows the current status of the site: if it is still reachable (
), or if it has been shut down (
). If the site has not been confirmed as a phishing site it is shown with the symbol 
. The time when the site was first observed is shown, together with the time that the site was shut down, if applicable. Do not visit the attackers site as it may contain malware. You can get more details on the site by clicking on the 
symbol.
| Status | First observed | Shut Down | Internet Address | URL | |
|---|---|---|---|---|---|
|
15/08/2006 13:25:31 | 16/08/2006 05:01:47 |  202.29.15.178 |
http://3390902194/.index.html | |
|
http://3684745741:20/webscr/index.php |
Message Text
The text below shows the message content, rendered in a safe way. It does not show images or HTML formatting, but the text is the same as that contained in the phishing email. Each clickable link is shown as a reference. You can see the way the URL is presented in the main body of the text, while the actual URL activated by the link is shown below the main body.
[1][paypal_logo.gif]
[pixel.gif]
Dear valued PayPal^® member:
It has come to our attention that your PayPal^® account information needs to
be
updated as part of our continuing commitment to protect your account and to
reduce the instance of fraud on our website. If you could please take 5-10
minutes
out of your online experience and update your personal records you will not
run into
any future problems with the online service.
However, failure to update your records will result in account suspension.
Please update your records on or before July 23, 2006.
Once you have updated your account records, your PayPal^® session will not
be
interrupted and will continue as normal.
To update your PayPal^® records click on the following link:
[2]http://www.paypal.com/cgi-bin/webscr?cmd=_login-run
Thank You.
PayPal^® UPDATE TEAM
Accounts Management As outlined in our User Agreement, PayPal^® will
periodically send you information about site changes and enhancements.
Visit our Privacy Policy and User Agreement if you have any questions.
[3]http://www.paypal.com/cgi-bin/webscr?cmd=p/gen/ua/policy_privacy-outside
References
1. http://3390902194/.index.html
2. http://3684745741:20/webscr/index.php?www.paypal.com/cgi-bin/webscr?cmd=_login-run=update.user.8djjjgu7d86t4rwkjge8r7f932hh4378hgwfg8rfgo7gft7e6gf34grt793tgw6grt97873gf73762346rf327rgg9f6g37fg23g6f23riholgbklerk36tgfier6f?
3. http://www.paypal.com/cgi-bin/webscr?cmd=p/gen/ua/policy_privacy-outside
Additional Examples