Home / malware PWS:HTML/Phish.T
First posted on 17 February 2012.
Source: MicrosoftAliases :
PWS:HTML/Phish.T is also known as PHISH/Paypal.AA (Avira), Mal/Phish-A (Sophos).
Explanation :
PWS:HTML/Phish.T is an HTML file that imitates the legitimate PayPal website to steal user account information.
Top
PWS:HTML/Phish.T is an HTML file that imitates the legitimate PayPal website to steal user account information.
The fake PayPal website may appear similar to the following:
Because the page looks similar to the legitimate PayPal website, a user may unsuspectingly fill out all the information in the page. If "Save Profile" is clicked, the following user information is sent to a remote attacker:
- Email address
- Credit card information
- PayPal password
- Physical address
- Social security number (SSN) if the user resides in the US
In the wild, the stolen information has been observed to be sent to the following URL:
- yqrrhqmqkqqqpbqdrhhllpplhkqbqqab<removed>phlplhplshlpl.zuprionaskoliliasnoxikcmrnmn.ru
Analysis by Hyun Choi
Last update 17 February 2012
