Paypal and other password stealer help!!


6 replies to this topic

#1 NYDesi80

Posted 01 June 2004 - 01:36 PM

Ok guys I'm freaking out here because I believe a password stealing spyware program has been installed on my computer now due to a fraudulent email that was sent out, masking itself to be from Paypal. First the email was sent from an address called 'Service@paypal.com' making it look legit but paypal has told me that it's not legit.

Second the link that was there read 'www.paypal.com/longin=run' but when I clicked on it, you could clearly see the computer loaded something up in the background and quickly closed itself within a matter of seconds. Then when I tried to right click - properties from the link the only option I got from right clicking was 'select all'.

But when I moved my mouse over the link a small popup window comes up with the real web address it goes to. This is what I got from that pop-up window:

http://80.25.111.151...hide/index2.htm

Now I really don't know what to do, cuz paypal didn't really help me too much and I'm worried cuz all my info is in there. One of my friends suggested this forum due to knowledgeable people. So I'm hoping I can get some answers.

Also one more thing, I ran adaware and spybot right after and they removed a couple of objects out of which 3 of them were executables. I don't know if this means anything... but someone please help!!

Thanx!

#2 QuasiMojo

Posted 01 June 2004 - 08:08 PM

The purpose of the e-mail is to TRICK you to give up your PayPal password. Once you sense something is wrong, don't go any further.

The scam artist just goes "phishing" and sends fake PayPal notices to a hundred people, even though only eight might be PayPal users. If even one out of eight falls for it, the scammer is way ahead.

Did you fill out the fake form with your PayPal info? If you didn't, they don't have your information, like your PayPal password, so relax.

By the way, didn't you read PayPal's advisory when you signed up that they would never ask you for your info like this?

PS - If your name is Joe Bloggs any valid e-mail from PayPal starts with "Dear Joe Bloggs," whereas the phony is always addressed to "Dear PayPal User" or somesuch nonspecific form of address.

Edited by QuasiMojo, 01 June 2004 - 08:26 PM.


#3 NYDesi80

Posted 01 June 2004 - 10:19 PM

Yeah I know what you are talking about. I've seen that on my buddy's computer where the link would direct you to a webpage looking exactly like paypal and it would ask you for personal information.

But what scares me about this email is that it wasn't any webpage that opened up; instead, when clicked on, it looked like something opened up in the background and then immediately terminated. As if a small program was launched and executed. A program like a password stealer. This is what I fear and haven't logged into paypal at all today on this computer, I want to be 100% sure that I don't have any password stealers before I do log back in.

#4 QuasiMojo

Posted 02 June 2004 - 04:57 AM

"But what scares me about this email is that it wasn't any webpage that opened up; instead, when clicked on, it looked like something opened up in the background and then immediately terminated. As if a small program was launched and executed. A program like a password stealer. This is what I fear and haven't logged into paypal at all today on this computer, I want to be 100% sure that I don't have any password stealers before I do log back in."

Sounds like you want to scan your system for keyloggers. I never thought about doing that, since I have no reason to suspect I've been infected.

Yesterday, by sheer coincidence, I ran the free security check provided on the Symantec home page. I used it once before when I first built my system nearly three years ago, but I just switched to AVG Antivirus after my Norton subscription expired, so I was curious to see what Symantec would say. My system passed with flying colors.

Have you ever tried it?

(www.symantec.com, -> look in the middle of their homepage.)

#5 real_wiseman

Posted 02 June 2004 - 09:03 AM

I checked the link out with an intercepting local web-proxy to see what it really did.

The link index2.htm contains very little, it seems to load the page "sysdll.php" with the following code: (I have replaced the "more than/less than" signs with *(* resp. *)* since the board probably won't honour my post otherwise...)

*(*body onLoad="closeMe();MM_openBrWindow('sysdll.php','ini','toolbar=yes,location=no,status=no,menubar=yes,scrollbars=no,resizable=yes,with=1024,height=768')"*)*
*(*/body*)*


The file sysdll.php contains the following snippet, which I *think* tries to call for a helper object (?), but I am no web-coder so don't take this at face value:

*(*META http-equiv=Content-Type
content="text/html; charset=windows-1252"*)*
*(*HTA:APPLICATION id=oHTA VERSION="1.0"
APPLICATIONNAME="AmPost" BORDER="thin" BORDERSTYLE="normal" CAPTION="yes"
CONTEXTMENU="no" ICON="yes" INNERBORDER="yes" MAXIMIZEBUTTON="no"
MINIMIZEBUTTON="no" NAVIGABLE="yes" SCROLL="no" SCROLLFLAT="yes" SELECTION="yes"
SHOWINTASKBAR="yes" SINGLEINSTANCE="yes" SYSMENU="yes" WINDOWSTATE="normal" /*)*

Anybody can shed some light on what "AmPost" is?

// W
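
Added example, not part of the original post: a Python triage of the two snippets quoted above. It undoes the `*(*` / `*)*` substitution, then reports any load-time handler that opens another page and any `HTA:APPLICATION` declaration, the element that marks a page as an HTML Application meant for `mshta.exe` rather than a normal browser page. `triage`, `refang` and `PageTriage` are hypothetical names.

```python
import re
from html.parser import HTMLParser

# The two snippets as posted above (the wrap inside the first one rejoined).
INDEX2 = r"""*(*body onLoad="closeMe();MM_openBrWindow('sysdll.php','ini','toolbar=yes,location=no,status=no,menubar=yes,scrollbars=no,resizable=yes,with=1024,height=768')"*)*
*(*/body*)*"""
SYSDLL = r"""*(*META http-equiv=Content-Type
content="text/html; charset=windows-1252"*)*
*(*HTA:APPLICATION id=oHTA VERSION="1.0"
APPLICATIONNAME="AmPost" BORDER="thin" BORDERSTYLE="normal" CAPTION="yes"
CONTEXTMENU="no" ICON="yes" INNERBORDER="yes" MAXIMIZEBUTTON="no"
MINIMIZEBUTTON="no" NAVIGABLE="yes" SCROLL="no" SCROLLFLAT="yes" SELECTION="yes"
SHOWINTASKBAR="yes" SINGLEINSTANCE="yes" SYSMENU="yes" WINDOWSTATE="normal" /*)*"""

def refang(text):
    """Undo the poster's *(* and *)* substitution for < and >."""
    return text.replace("*(*", "<").replace("*)*", ">")

class PageTriage(HTMLParser):
    """Record load-time handlers and HTA:APPLICATION declarations."""
    def __init__(self):
        super().__init__()
        self.findings = []
    def handle_starttag(self, tag, attrs):
        attrs = {k: v or "" for k, v in attrs}
        if tag == "hta:application":
            self.findings.append({"kind": "hta-declaration",
                                  "name": attrs.get("applicationname", ""),
                                  "contextmenu": attrs.get("contextmenu", "")})
        onload = attrs.get("onload")
        if onload:
            # MM_openBrWindow is Dreamweaver's wrapper around window.open;
            # the first quoted argument is the URL that gets loaded.
            opened = re.search(r"(?:MM_openBrWindow|window\.open)\s*\(\s*'([^']*)'", onload)
            self.findings.append({"kind": "onload-handler", "tag": tag,
                                  "calls": re.findall(r"([A-Za-z_]\w*)\s*\(", onload),
                                  "opens": opened.group(1) if opened else None})

def triage(snippet):
    """Parse a (possibly defanged) page snippet and return the findings."""
    parser = PageTriage()
    parser.feed(refang(snippet))
    parser.close()
    return parser.findings
```
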

#6 NYDesi80

Posted 02 June 2004 - 11:34 AM

Yeah I barely understand anything that you had posted up about the codes and stuff. I guess I just wanna know if there is a password stealing program waiting for me to login to paypal to get my account info?

I haven't tried the symantec website, I'm going to do that in a few. Sorry for the stupid question, but what is a system key logger?

#7 NYDesi80

Posted 03 June 2004 - 12:45 PM

Anyone?



