Paypal malware modifies hosts file

« previous next »

Print

Pages: [1] Go Down

Author Topic: Paypal malware modifies hosts file (Read 3886 times)

0 Members and 1 Guest are viewing this topic.

March 31, 2010, 05:06:50 pm

Read 3886 times

SysAdMini

Administrator
Hero Member
Offline
3335

Paypal malware modifies hosts file

Someone reported malware on

esdem.net/updatePayPal.scr
This malware modifies hosts file and adds these entries.

206.217.196.222 www.paypal.com
206.217.196.222 paypal.com
206.217.196.222 www.paypal.com.au
206.217.196.222 paypal.com.au

Then it opens Paypal page in a new browser window.

Detection is low. VT 5/42

http://www.virustotal.com/analisis/6fd5fdb3ae861dd4bebbf7f00bf084e0799d5513364cbcff597782823f09a1d9-1270054871

http://camas.comodo.com/cgi-bin/submit?file=6fd5fdb3ae861dd4bebbf7f00bf084e0799d5513364cbcff597782823f09a1d9

http://www.sunbeltsecurity.com/cwsandboxreport.aspx?id=12058167&cs=B3BD81C17CC5A5C62A9DC2921D8A775D

Logged

Ruining the bad guy's day

April 01, 2010, 02:46:52 pm

Reply #1

Evilcry

Special Access
Jr. Member
Offline
39

Re: Paypal malware modifies hosts file

Hi,

Just reversed this malicious application, here the link:

http://evilcodecave.blogspot.com/2010/04/paypal-malware-fake-update-analysis.html

Regards,
Giuseppe 'Evilcry' Bonfa'

Logged

Deep Root Never Freezes - Tolkien

Print

Pages: [1] Go Up

« previous next »

SMF 2.0.19 | SMF © 2021, Simple Machines
Aqua Style by Diego Andrés
XHTML
RSS
WAP2

Page created in 0.118 seconds with 24 queries.