Romanian website attempts to steal password data
A new phishing attack is targeting PayPal users, redirecting them to a fake site in an attempt to collect password details.
Websense Security Labs has reported the problem which begins with a spoofed email message that provides a link to download the executable ‘PayPal security tool’ file.
The executable, named ‘PayPal-2.5.200-MSWin32-x86-2005.exe’, is a Trojan Horse which modifies the DNS server of the local workstation and then deletes itself. All future requests are then transparently redirected to a bogus website.
This same DNS server could also be used to redirect requests for additional websites, but currently appears to redirect only PayPal subscribers.
Full story: vnunet.com
