UK and US customers of PayPal™, Abbey and Halifax beware
The latest phishing campaign targeting e-banking and e-payment customers features several malicious components. First, the unsolicited message that disseminates the malware purports to deliver the ultimate Open Source Antivirus Solution, asking the users to visit a Web page where they can download the product.
However, upon clicking the link, the user does not receive the promised security suite, but a fake executable - setup.exe - which is, in effect, a self-extracting archive. Its purpose is to replace the content of C:\WINDOWS\System32\drivers\etc and to alter the Web browser's behavior so that it automatically loads maliciously crafted phishing pages that imitate PayPal, Abbey and Halifax.
Each time the user types the address of one of these financial institutions into the browser, he or she is automatically redirected to the fake pages. Here, the login credentials (user name, password, security code) and other sensitive data (first and last name, complete home and e-mail address, credit card number, expiration date, Card Verification Code, and even PIN) are pilfered using PHP scripts. All other menu options available on each page redirect the user to the appropriate sections of the genuine Web site. The analysis revealed that the bogus Web pages load from domains registered in China and Korea.












