December 5, 2008 - 10:16am
PayPal, an online payment system, has been found sending fake e-mails, looking similar to its log-in page.
Security experts state, fake e-mails are hard to recognize unless the recipients, PayPayl’s customers in this case, take a close look at them. The difference that those emails make is that they contain a .ZIP attachment in comparison to usual PayPal e-mail messages that would ask the recipients to go through a link included and enter personal information. The text of the new e-mail informs recipients about some hacking actions having affected their PayPal accounts, and asks them to open the .ZIP file that is “a report, sent in order to provide assistance of the company on the hacking".
Consequently, opening the file the recipient’s system gets attacked by a malicious worm. The worm has been identified as WORM_POISON.LA by Trend Micro. It follows routines that resemble to infamous Peer-to-Peer (P2P) file-sharing application called Kazaa.
Another threat caused by the company is a link to secure.uninitialized.real.error.com which is included in official e-mails sent to its customers for confirming recent payments. The news reported that PayPal has called this link an official address to avail the service. Recipients would have to configure their systems to read the e-mail, as HTML failed to recognize the authenticity of the link.
eBay, the parent company of PayPal, spokesman, Michael Oldenburg, wrote in an e-mail that the confusion happened due to an internal error in PayPal that was already corrected on November 18, 2008.
PayPal has been continuously attacked in the past few months.
Security experts state, fake e-mails are hard to recognize unless the recipients, PayPayl’s customers in this case, take a close look at them. The difference that those emails make is that they contain a .ZIP attachment in comparison to usual PayPal e-mail messages that would ask the recipients to go through a link included and enter personal information. The text of the new e-mail informs recipients about some hacking actions having affected their PayPal accounts, and asks them to open the .ZIP file that is “a report, sent in order to provide assistance of the company on the hacking".
Consequently, opening the file the recipient’s system gets attacked by a malicious worm. The worm has been identified as WORM_POISON.LA by Trend Micro. It follows routines that resemble to infamous Peer-to-Peer (P2P) file-sharing application called Kazaa.
Another threat caused by the company is a link to secure.uninitialized.real.error.com which is included in official e-mails sent to its customers for confirming recent payments. The news reported that PayPal has called this link an official address to avail the service. Recipients would have to configure their systems to read the e-mail, as HTML failed to recognize the authenticity of the link.
eBay, the parent company of PayPal, spokesman, Michael Oldenburg, wrote in an e-mail that the confusion happened due to an internal error in PayPal that was already corrected on November 18, 2008.
PayPal has been continuously attacked in the past few months.