NOW READ THIS
("Security Advisory")
| Go Back |
Submitted by: Bill Hickey
NCVA List Master
NRT-0267 New Trojan for PayPal Accounts:
PayRob.A is a new Trojan designed to steal data from PayPal accounts. If the targeted user is tricked into running the file carrying PayRob.A, the Trojan gives itself hidden file attributes and modifies the Windows Registry to ensure it is run whenever the system is restarted. The Trojan creates two files on the infected computer in the temporary Internet files folder and in C:\WINDOWS\MSAPPS\. If the latter folder is not found on the system, an error message is displayed. It also copies a file called "modeexpinovo.txt" to the temporary Internet files folder, which stores all of the PayPal passwords that it finds on the affected system. This file can then be remotely accessed by hackers.
(www.net-security.org 27JUL07)