[Dshield] New Paypal Scam

Jason Baker jbaker at filosafe.com
Thu Jan 15 03:30:25 GMT 2004


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On January 14, 2004 06:52 pm, Mrcorp wrote:
> OK, now this one has to take the cake for something...  Paypal is
> offering all this, and send it to all your friends?!?!  I love this
> stuff!!!  There was an executable attached that I have not yet
> looked at.  I hope you all enjoy this as much as I did!

I must be on the same spam list you are - I got it just before your 
message came in from the list. :)

A quick glance at the strings in the .exe inside the .zip show that it 
looks like it's a bootstrap trojan, grabbing more code from 
http://w.aquarium-fish.ru/ppa.bin

That's responding with a 503 though.  Pity, I was feeling like playing 
forensic pathologist on some spamware tonight.

Jason

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQFABglVkPEFhVei73QRAvC4AJwMZY8T5k3g199MFbB4o918OXpTfwCfWw2O
k2wLahl9dZl1PUBH+Btnqns=
=PgmE
-----END PGP SIGNATURE-----




More information about the list mailing list