
TrojanSpy:JS/Paylap.B


First posted on 19 June 2012.
Source: Microsoft

Aliases:

TrojanSpy:JS/Paylap.B is also known as PWS:HTML/Phish.X (other), JS/Phish (AVG), Mal/Phish-A (Sophos).

Explanation:

TrojanSpy:JS/Paylap.B is a detection for JavaScript embedded in a webpage that imitates the logon page of the financial site PayPal and steals the login details entered into it.



Installation

This trojan is encountered when browsing to a webpage that hosts the JavaScript. When viewed, Paylap displays a request for information, such as the following:



If you enter details and click "Agree and submit", the details are posted to one of many servers for collection by the attacker. We observed the following (non-comprehensive) list of servers used to collect the stolen information:

  • testsite.sircon.net/wordpress/wp-content/themes/markedet-mobil/<deleted>.php
  • connectonlive.x10.mx/<deleted>.php
  • easycoway.com/<deleted>.php
  • easyss-go.com/<deleted>.php
  • chasecleaningservice.com/images/<deleted>.php
  • 12.33.205.226/<deleted>.php
  • easyback-go.com/<deleted>.php
  • paypal.co.uk.restore-your-account39481272121.clientforums2012.com/<deleted>.php
  • pwip.org/<deleted>.php
  • uichangfc.com/bbs/skin/ggambo7002_board/config/<deleted>.php
  • sportromanesc.ro/wp-content/plugins/akismet/<deleted>.php
  • giftflight.com/cp/Scripts/images/<deleted>.php
  • lss.org/<deleted>.php
  • 188.93.19.198/.co.uk/<deleted>.php
  • easyvv-go.com/<deleted>.php
  • 82.194.8.62/<deleted>.php
  • scopri-nuovacampagna.com/<deleted>.php
  • gicagicamica.com/<deleted>.php
  • 91.147.160.169/<deleted>.php
  • 93.95.216.139/comunica/movie/silvia/<deleted>.php
  • 58.64.174.133/bill/xml/<deleted>.php
  • selected-customers.com/<deleted>.php
  • easygo-hoe.com/<deleted>.php
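
The server list above is the practical takeaway for a defender. As an added example (not part of the Microsoft write-up), the script below turns those indicators into a proxy-log check: it matches requests against each collection host and directory prefix (the script name was redacted as `<deleted>.php`, so it is not matched), and separately flags hostnames that carry the PayPal brand without being under a genuine PayPal domain, the trick used by the `paypal.co.uk.restore-your-account...clientforums2012.com` entry. The log format, the sample lines and the `GENUINE_PAYPAL_DOMAINS` allow-list are constructed assumptions for illustration.

```python
"""Added defensive example: match proxy-log URLs against the Paylap.B
collection servers listed in the write-up and flag PayPal brand impersonation.
Log format, sample lines and the allow-list are constructed, not from the page."""
from urllib.parse import urlsplit

# Indicators copied from the write-up. The script name was redacted there as
# "<deleted>.php", so matching is done on host plus directory prefix only.
PAYLAP_COLLECTORS = [
    "testsite.sircon.net/wordpress/wp-content/themes/markedet-mobil/<deleted>.php",
    "connectonlive.x10.mx/<deleted>.php",
    "easycoway.com/<deleted>.php",
    "easyss-go.com/<deleted>.php",
    "chasecleaningservice.com/images/<deleted>.php",
    "12.33.205.226/<deleted>.php",
    "easyback-go.com/<deleted>.php",
    "paypal.co.uk.restore-your-account39481272121.clientforums2012.com/<deleted>.php",
    "pwip.org/<deleted>.php",
    "uichangfc.com/bbs/skin/ggambo7002_board/config/<deleted>.php",
    "sportromanesc.ro/wp-content/plugins/akismet/<deleted>.php",
    "giftflight.com/cp/Scripts/images/<deleted>.php",
    "lss.org/<deleted>.php",
    "188.93.19.198/.co.uk/<deleted>.php",
    "easyvv-go.com/<deleted>.php",
    "82.194.8.62/<deleted>.php",
    "scopri-nuovacampagna.com/<deleted>.php",
    "gicagicamica.com/<deleted>.php",
    "91.147.160.169/<deleted>.php",
    "93.95.216.139/comunica/movie/silvia/<deleted>.php",
    "58.64.174.133/bill/xml/<deleted>.php",
    "selected-customers.com/<deleted>.php",
    "easygo-hoe.com/<deleted>.php",
]

# Assumption for illustration: domains treated as genuine PayPal. A real
# deployment would use a maintained allow-list plus the Public Suffix List.
GENUINE_PAYPAL_DOMAINS = ("paypal.com", "paypal.co.uk")


def parse_indicator(ioc):
    """Split 'host/dir/<deleted>.php' into (host, '/dir/') for prefix matching."""
    host, _, path = ioc.partition("/")
    directory = path.rsplit("/", 1)[0] if "/" in path else ""  # drop script name
    return host.lower(), "/" + directory + ("/" if directory else "")


COLLECTOR_PREFIXES = [parse_indicator(i) for i in PAYLAP_COLLECTORS]


def matches_collector(url):
    """True if url hits a known collection host under the recorded directory
    and names a .php script, as the redacted indicators do."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    path = parts.path or "/"
    return any(
        host == ioc_host and path.startswith(prefix) and path.lower().endswith(".php")
        for ioc_host, prefix in COLLECTOR_PREFIXES
    )


def impersonates_paypal(host):
    """Flag a hostname that contains 'paypal' but whose registrable domain is
    not a genuine PayPal domain (subdomain-stuffing lookalikes)."""
    host = host.lower().rstrip(".")
    if "paypal" not in host:
        return False
    return not any(host == d or host.endswith("." + d) for d in GENUINE_PAYPAL_DOMAINS)


def scan_log(lines):
    """Scan constructed proxy-log lines ('epoch client method url status') and
    return (client, url, reasons) for each request worth investigating."""
    findings = []
    for line in lines:
        fields = line.split()
        if len(fields) < 5:
            continue  # malformed line: skip rather than crash the scan
        _, client, method, url, _ = fields[:5]
        reasons = []
        if matches_collector(url):
            reasons.append("known Paylap.B collection server")
        if impersonates_paypal(urlsplit(url).hostname or ""):
            reasons.append("PayPal brand in non-PayPal hostname")
        if reasons and method.upper() == "POST":
            reasons.append("POST (credential submission)")
        if reasons:
            findings.append((client, url, reasons))
    return findings


# Constructed sample log lines (not real traffic): epoch client method url status
SAMPLE_LOG = """\
1340100000.123 10.0.0.5 POST http://connectonlive.x10.mx/login.php 200
1340100001.456 10.0.0.5 GET https://www.paypal.com/signin 200
1340100002.789 10.0.0.6 POST http://paypal.co.uk.restore-your-account39481272121.clientforums2012.com/verify.php 200
1340100003.000 10.0.0.7 GET http://example.com/index.html 200
1340100004.000 10.0.0.8 POST http://uichangfc.com/bbs/skin/ggambo7002_board/config/post.php 200
1340100005.000 10.0.0.9 GET http://uichangfc.com/bbs/index.html 200
1340100006.000 10.0.0.9 GET http://paypal-secure-login.example.net/ 200
""".splitlines()

if __name__ == "__main__":
    for client, url, reasons in scan_log(SAMPLE_LOG):
        print(client, url, "; ".join(reasons))
```

The prefix match is deliberately narrow: `uichangfc.com/bbs/index.html` is not flagged, because the write-up ties the collector to one directory on what is evidently a compromised legitimate site. A stricter policy can block the whole host, but then expect noise from benign traffic to those sites. The brand check, by contrast, catches lookalikes the list does not contain.
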

Additional information

PayPal is an online site used to buy and sell goods and services. Each PayPal account uses a funding source such as your bank account or credit card.



Analysis by Hyun Choi

Last update 19 June 2012
