Network Security Security-Basics

Re: Possible PayPal security problem

Subject: Re: Possible PayPal security problem
Date: Thu, 20 Dec 2007 10:12:51 +0000
On Dec 19, 2007 9:49 PM, Fabio Fagundes <fabio.fagundes@gmail.com> wrote:
Hi all,

nslookup paypal.com :
66.211.168.65
66.211.168.97
66.211.168.193
66.211.168.209

Reverse resolution seems to be fine too... 1st & 2nd resolve to
www.paypal.com and the 3rd & 4th to
node-66-211-168-(193;209).networks.paypal.com.

That sounds like the most probable solution. I do not believe that
Paypal, being a target for attacks many times in the past, would ever
ask you to "verify your identity" by entering your credit card
details.

There are many banking Trojans that try to insert themselves as
Layered Service Providers, intercept the traffic and inject HTML into
pages and then send sensitive data to the malware writers. Since you
had the same behaviour with Firefox and IE it is not a usual BHO
(browser helper object) attack.

I would suspect that the email is also fake (you should try looking at
the raw source of the email and try to find the originator of the
message, although that can be spoofed as well).

Finally it is probably best to report this potential attack yourself.
But before you do this I would download a bootable Linux distribution
such as Knoppix and submit the query after booting from it, to make
sure that the malware is not actively running in memory.

Oh, don't forget to use up-to-date anti-virus software, although that
is not a guarantee that the malware will be detected and removed.
Ultimately (and I hate saying this), back up all your data (and just
data) and re-install the system from scratch.

Cheers,
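
The forward/reverse consistency check described in the quoted part of this message, written out as an added example (not code from the thread). The A and PTR answers are a constructed snapshot of the values quoted above; the hijacked variant uses an RFC 5737 documentation address and an example.net name to stand in for a tampered hosts file or poisoned resolver.

```python
import ipaddress

# Constructed snapshot of the forward (A) answers quoted in the thread.
FORWARD = {
    "paypal.com": ["66.211.168.65", "66.211.168.97",
                   "66.211.168.193", "66.211.168.209"],
    "www.paypal.com": ["66.211.168.65", "66.211.168.97"],
    "node-66-211-168-193.networks.paypal.com": ["66.211.168.193"],
    "node-66-211-168-209.networks.paypal.com": ["66.211.168.209"],
}
# Constructed PTR answers for the same addresses.
REVERSE = {
    "66.211.168.65": "www.paypal.com",
    "66.211.168.97": "www.paypal.com",
    "66.211.168.193": "node-66-211-168-193.networks.paypal.com",
    "66.211.168.209": "node-66-211-168-209.networks.paypal.com",
}

def check_resolution(name, trusted_suffix, forward, reverse):
    """Return findings for each address of `name`; an empty list means clean.

    Per address: a PTR must exist, must end in trusted_suffix, and must
    forward-resolve to a set containing the address (FCrDNS).
    """
    findings = []
    addrs = forward.get(name, [])
    if not addrs:
        return [f"{name}: no A records returned"]
    for ip in addrs:
        ipaddress.ip_address(ip)  # reject garbage before comparing strings
        ptr = reverse.get(ip)
        if ptr is None:
            findings.append(f"{ip}: no PTR record")
        elif ptr != trusted_suffix and not ptr.endswith("." + trusted_suffix):
            findings.append(f"{ip}: PTR {ptr} is outside {trusted_suffix}")
        elif ip not in forward.get(ptr, []):
            findings.append(f"{ip}: PTR {ptr} does not resolve back to it")
    return findings

def hijacked_snapshot():
    """Constructed variant: first answer swapped for an unrelated address."""
    fwd = {k: list(v) for k, v in FORWARD.items()}
    fwd["paypal.com"][0] = "192.0.2.10"       # RFC 5737 documentation range
    rev = dict(REVERSE)
    rev["192.0.2.10"] = "host.example.net"   # PTR outside paypal.com
    return fwd, rev

if __name__ == "__main__":
    print(check_resolution("paypal.com", "paypal.com", FORWARD, REVERSE))
    print(check_resolution("paypal.com", "paypal.com", *hijacked_snapshot()))
```

Feeding the same function live answers from `socket.gethostbyname_ex` and `socket.gethostbyaddr` works, but as the reply notes, run it from clean boot media so a resident Trojan cannot answer on the resolver's behalf.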
