Jon Geb
Wal-Mart Sucks
join:2001-01-09
Howell, MI
| So I keep getting this paypal email I keep getting this email OVER and OVER. It comes with an attached EXE file as well. Whats the deal? Any clues?
Dear PayPal user,
We are currently performing regular maintenance of our security
measures. Your account has been randomly selected for this
maintenance, and you will now be taken through a series of identity
verification pages. Protecting the security of your
PayPal account is our primary concern, and we apologize for any
inconvenience this may cause.
We recently received a report of unauthorized credit card use
associated with this account. As a precaution, we have
limited access to you PayPal account in order to protect against future
unauthorized transactions.You can check your
transaction details in attachment.
Case ID Number: PE-901-449-020
Please understand that this is a security measure intended to help
protect you and your account.
Thank you,
PayPal Billing Center. | |
|
 
CruiserMD
Premium
join:2003-04-26
Beltsville, MD | Re: So I keep getting this paypal email Ive gotten the same e-mail a few times. Im pretty sure its a physhing scam. Dont click on the link. | |
|
mmainprize
join:2001-12-06
Houghton Lake, MI
| This is a fake e-mail, PayPal did not send it.
If you check the source code you will see that the link will not be to a real PayPal site. Of course if it has an .exe attached then is has a payload and is most likly a visurs or trogan horse of some sort.
Just delete them | |
|
B
Premium,MVM
join:2000-10-28
| Of course it's a worm; some poor sap has you in his or her address book.
There's actually a live sample on a mailing list that I was able to Google up rather quickly based on your text (xml.org) -- AVG identifies it as Downloader.Agent.ASQ, which appears to be the same as Delf -- »www.sophos.com/virusinfo/analyse···asq.html
Just don't go near the attachments, and keep your antivirus program up to date.
-- B
--
In a realm outside causality and function | |
|
mdoc1
join:2005-11-18
U.S.A. | Forward the email to spoof@paypal.com so they'll know about it. | |
|
B
Premium,MVM
join:2000-10-28
| Here's what »virusscan.jotti.org had to say:
Packers detected:
FSG
Scanner results
AntiVir
Found Trojan/Dldr.Agent.YU
ArcaVir
Found Trojan.Downloader.Agent.Yu
Avast
Found Win32:Trojano-2816
AVG Antivirus
Found Downloader.Agent.ASQ
BitDefender
Found Trojan.Downloader.Agent.YU
ClamAV
Found Trojan.Downloader.Agent-205
Dr.Web
Found Trojan.DownLoader.5239
F-Prot Antivirus
Found W32/Downloader.JUU
Fortinet
Found W32/Clagger.A-dldr
Kaspersky Anti-Virus
Found Trojan-Downloader.Win32.Agent.yu
NOD32
Found Win32/TrojanClicker.Small.GP
Norman Virus Control
Found W32/DLoader.LZM
UNA
Found nothing
VBA32
Found Trojan-Downloader.Win32.Agent.yu FYI. Interestingly, none of these identify it as part of a worm; one might assume that either (a) this is a directed attack against you or more likely (b) it's a new worm using ASQ as its seed.
-- B
--
In a realm outside causality and function | |
|
|
|
|
