The Latest in IT Security

PayPal Spam / teloexpressions.org

24 Jul 2012

These fake PayPal spams lead to malware on teloexpressions.org:

Date:      Tue, 24 Jul 2012 18:06:49 +0330
From:      “Allan Marquez” <[email protected]>
Subject:      Paypal has sent you a bank transfer.

We are moving funds from Your Paypal account to your bank account.

Total amount transferred     $ 131.54
Bank account     BANK OF AMERICA
Transaction ID     59566237893344612

Help Center | Resolution Center | Security Center

Please don’t reply to this email. It’ll just confuse the computer that sent it and you won’t get a response.

Copyright 2012 PayPal, Inc. All rights reserved. PayPal is located at 2211 N. First St., San Jose, CA 95131.

==========

Date:      Tue, 24 Jul 2012 11:33:00 -0300
From:      “Jody Wade” <[email protected]>
Subject:      Paypal transfer to your bank account initiated.

We are transferring funds from Your Paypal account to your bank account.

Total amount transferred     $ 944.68
Bank account     BANK OF NORTH CAROLINA
Transaction ID     67081555155766933

Help Center | Resolution Center | Security Center

Please don’t reply to this email. It’ll just confuse the computer that sent it and you won’t get a response.

Copyright 2012 PayPal, Inc. All rights reserved. PayPal is located at 2211 N. First St., San Jose, CA 95131.

==========

Date:      Tue, 24 Jul 2012 11:10:58 -0300
From:      “Evan Battle” <[email protected]>
Subject:      We have sent you a bank transfer.

We are sending funds from Paypal to your bank account.

Total amount transferred     $ 123.59
Bank account     CITYBANK
Transaction ID     55273357044211327

Help Center | Resolution Center | Security Center

Please don’t reply to this email. It’ll just confuse the computer that sent it and you won’t get a response.

Copyright 2012 PayPal, Inc. All rights reserved. PayPal is located at 2211 N. First St., San Jose, CA 95131.

==========

Date:      Tue, 24 Jul 2012 19:15:46 +0530
From:      “[email protected]” <[email protected]>
Subject:      Paypal transfer to your bank account initiated.

We are moving funds from Paypal to your bank account.

Total amount transferred     $ 425.21
Bank account     BANK OF NORTH CAROLINA
Transaction ID     17744199446279262

Help Center | Resolution Center | Security Center

Please don’t reply to this email. It’ll just confuse the computer that sent it and you won’t get a response.

Copyright 2012 PayPal, Inc. All rights reserved. PayPal is located at 2211 N. First St., San Jose, CA 95131.

==========

Date:      Tue, 24 Jul 2012 09:45:45 -0400
From:      “[email protected]” <[email protected]>
Subject:      Paypal has sent you a bank transfer.

We are moving funds from Your Paypal account to your bank account.

Total amount transferred     $ 191.22
Bank account     CITYBANK
Transaction ID     64722827521858421

Help Center | Resolution Center | Security Center

Please don’t reply to this email. It’ll just confuse the computer that sent it and you won’t get a response.

Copyright 2012 PayPal, Inc. All rights reserved. PayPal is located at 2211 N. First St., San Jose, CA 95131.

The malicious payload is at [donotclick]teloexpressions.org/main.php?page=9aca5bbc34d3ebd6 (report here), hosted on 221.131.129.200, which we have seen before and is definitely worth blocking.
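
A mail-gateway style check built from the indicators in this post, as an added example (not code from the original post): it collects every href in a message's HTML part and flags those whose host is the blocked domain or IP, alongside the three subject lines seen above. The names `triage`, `url_blocked` and `LinkCollector`, and the sample message, are hypothetical and constructed for illustration.

```python
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlsplit
import re

# Indicators and subject lines taken from this post.
BLOCKED_HOSTS = {"teloexpressions.org", "221.131.129.200"}
LURE_SUBJECT = re.compile(
    r"paypal has sent you a bank transfer"
    r"|paypal transfer to your bank account initiated"
    r"|we have sent you a bank transfer", re.I)

class LinkCollector(HTMLParser):
    """Collect every href attribute, whatever text the link displays."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        self.hrefs += [v for k, v in attrs if k == "href" and v]

def url_blocked(url):
    """True if the URL's host is a blocked host or a subdomain of one."""
    try:
        host = (urlsplit(url).hostname or "").lower().rstrip(".")
    except ValueError:  # malformed URL: no host to compare
        return False
    return any(host == b or host.endswith("." + b) for b in BLOCKED_HOSTS)

def triage(raw_message):
    """Return the lure-subject flag and any blocked links in the HTML parts."""
    msg = message_from_string(raw_message)
    links = LinkCollector()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            body = part.get_payload(decode=True)
            links.feed(body.decode(part.get_content_charset() or "utf-8", "replace"))
    return {"lure_subject": bool(LURE_SUBJECT.search(msg.get("Subject", ""))),
            "blocked_links": [u for u in links.hrefs if url_blocked(u)]}

# Constructed sample: sender, markup and the page= value are placeholders.
SAMPLE = (
    'From: "Example Sender" <sender@example.invalid>\n'
    "Subject: Paypal has sent you a bank transfer.\n"
    "Content-Type: text/html; charset=utf-8\n\n"
    "<p>We are moving funds from Your Paypal account to your bank account.</p>\n"
    '<a href="http://teloexpressions.org/main.php?page=0000000000000000">Help Center</a>\n'
    '<a href="https://www.paypal.com/">Security Center</a>\n')
```

Matching on the href host rather than the visible link text is what catches a message whose links display one name and point at another; the subject flag alone is a weak signal and is best used only together with a blocked link.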
