Trojan-Spy.HTML.Paylap.bg

Материал из Total Malware Info

Trojan-Spy.HTML.Paylap.bg Программа-шпион, предназначенная для похищения конфиденциальной информации. Является HTML веб-страницой. Имеет размер 4 788 байт.

Деструктивная активность

Данный вредоносный объект используется для фишинг атак на пользователей системы PayPal и распространяется в спам рассылке. При открытии данной веб страницы пользователю отображается фальшивое сообщение от службы поддержки PayPal следующего содержания:

Dear valued PayPal® member:



PayPal® is committed to maintaining a safe environment for its community of
buyers and sellers. To protect the security of your account, PayPal employs
some of the most advanced security systems in the world and our anti-fraud
teams regularly screen the PayPal system for unusual activity.

Recently, our Account Review Team identified some unusual activity in your
account. In accordance with PayPal's User Agreement and to ensure that your
account has not been compromised, access to your account was limited. Your
account access will remain limited until this issue has been resolved. This
is a fraud prevention measure meant to ensure that your account is not
compromised.

In order to secure your account and quickly restore full access, we may
require some specific information from you for the following reason:

We would like to ensure that your account was not accessed by an
unauthorized third party. Because protecting the security of your account
is our primary concern, we have limited access to sensitive PayPal account
features. We understand that this may be an inconvenience but please
understand that this temporary limitation is for your protection.

Case ID Number: PP-040-187-541

We encourage you to log in and restore full access as soon as possible
Should access to your account remain limited for an extended period of
time, it may result in further limitations on the use of your account.

However, failure to restore your records will result in account suspension.
Please update your records as soon as possible!

Once you have updated your account records, your PayPal session will not be
interrupted and will continue as normal.

To update your Paypal records click on the following link:


https://www.******.com/cgi-bin/webscr?cmd=_login-run
 

Thank you for your prompt attention to this matter. Please understand that
this is a security measure meant to help protect you and your account. We
apologize for any inconvenience.


Sincerely,
PayPal® Account Review Department



PayPal Email ID PP522
                               

Accounts Management As outlined in our User Agreement, PayPal will
periodically send you information about site changes and enhancements.

Visit our Privacy Policy and User Agreement if you have any questions.
http://www.******.com/cgi-bin/webscr?cmd=p/gen/ua/policy_privacy-outside

В сообщении говорится о том что учетная запись пользователя заблокирована в связи с несанкционированным доступом к ней сторонними лицами и требует активации для продолжения работы. Для активации пользователю предлагают перейти по ссылке, которая указывает на подставной сайт злоумышленников:

http://www.pp*******ty.com/

где пользователю будет предложено ввести реквизиты своей учетной записи, которые затем отправятся злоумышленникам.