반응형
해외 온라인 결제 시스템 Paypal에서 보낸 이메일로 위장한 피싱 메일을 확인하였습니다.
현재 해당 이메일을 열면 Kaspersky 엔진에서 Trojan-Spy.HTML.Fraud.gen으로 진단을 하고 있습니다.
| Antivirus | Version | Last Update | Result |
| AhnLab-V3 | 2008.11.1.0 | 2008.11.03 | - |
| AntiVir | 7.9.0.10 | 2008.11.03 | - |
| Authentium | 5.1.0.4 | 2008.11.04 | - |
| Avast | 4.8.1248.0 | 2008.11.03 | - |
| AVG | 8.0.0.161 | 2008.11.03 | - |
| BitDefender | 7.2 | 2008.11.04 | - |
| CAT-QuickHeal | 9.50 | 2008.11.03 | - |
| ClamAV | 0.94.1 | 2008.11.03 | - |
| DrWeb | 4.44.0.09170 | 2008.11.04 | - |
| eSafe | 7.0.17.0 | 2008.11.03 | - |
| eTrust-Vet | 31.6.6187 | 2008.11.03 | - |
| Ewido | 4.0 | 2008.11.03 | - |
| F-Prot | 4.4.4.56 | 2008.11.04 | - |
| F-Secure | 8.0.14332.0 | 2008.11.04 | Trojan-Spy.HTML.Fraud.gen |
| Fortinet | 3.117.0.0 | 2008.11.03 | - |
| GData | 19 | 2008.11.04 | - |
| Ikarus | T3.1.1.45.0 | 2008.11.04 | - |
| K7AntiVirus | 7.10.515 | 2008.11.03 | - |
| Kaspersky | 7.0.0.125 | 2008.11.04 | Trojan-Spy.HTML.Fraud.gen |
| McAfee | 5422 | 2008.11.02 | - |
| Microsoft | 1.4005 | 2008.11.04 | - |
| NOD32 | 3580 | 2008.11.04 | - |
| Norman | 5.80.02 | 2008.11.03 | - |
| Panda | 9.0.0.4 | 2008.11.03 | - |
| PCTools | 4.4.2.0 | 2008.11.03 | - |
| Prevx1 | V2 | 2008.11.04 | - |
| Rising | 21.02.02.00 | 2008.11.03 | - |
| SecureWeb-Gateway | 6.7.6 | 2008.11.03 | - |
| Sophos | 4.35.0 | 2008.11.04 | - |
| Sunbelt | 3.1.1777.2 | 2008.11.03 | - |
| Symantec | 10 | 2008.11.04 | - |
| TheHacker | 6.3.1.1.138 | 2008.11.04 | - |
| TrendMicro | 8.700.0.1004 | 2008.11.03 | - |
| VBA32 | 3.12.8.9 | 2008.11.03 | - |
| ViRobot | 2008.11.3.1449 | 2008.11.03 | - |
| VirusBuster | 4.5.11.0 | 2008.11.03 | - |
| Additional information | |||
| File size: 12917 bytes | |||
| MD5...: 70b150cd6dd0e9976bf336ee2883affa | |||
| SHA1..: 4e1a510165338e6ef59cfbce7eb01d75633e9163 | |||
해당 이메일의 내용은 다음과 같습니다.
Protect Yourself from Fraud!
Dear user,
We have noticed an increasing fraudulent activity recently. In order to provide your security and protect you from fraudsters we have introduced a new system of identification that will help us to avoid any kind of fraud or unauthorised access.
To complete your Anti-Fraud Protection, you must click the link below and enter as more information as possible to provide your complete identification and to activate all the features of the new system.
hxxp://secure.paypal.com.session-71542956174395454331.02014937157663183242.{제거}.ru
Please do not reply to this email. This mailbox is not monitored and you will not receive a response.
Copyright 1999-2008 PayPal. All rights reserved.
Consumer advisory- PayPal Pte. Ltd., the holder of PayPal's stored value
facility, does not require the approval of the Monetary Authority of Singapore.
Users are advised to read the terms and conditions carefully.
PayPal Email ID PP070
Dear user,
We have noticed an increasing fraudulent activity recently. In order to provide your security and protect you from fraudsters we have introduced a new system of identification that will help us to avoid any kind of fraud or unauthorised access.
To complete your Anti-Fraud Protection, you must click the link below and enter as more information as possible to provide your complete identification and to activate all the features of the new system.
hxxp://secure.paypal.com.session-71542956174395454331.02014937157663183242.{제거}.ru
Please do not reply to this email. This mailbox is not monitored and you will not receive a response.
Copyright 1999-2008 PayPal. All rights reserved.
Consumer advisory- PayPal Pte. Ltd., the holder of PayPal's stored value
facility, does not require the approval of the Monetary Authority of Singapore.
Users are advised to read the terms and conditions carefully.
PayPal Email ID PP070
대략적인 내용은 최근 Paypal을 악용한 피싱 활동이 증가하고 있어서 이에 대비한 새로운 시스템을 위해서는 Paypal의 자신의 정보를 제출하라는 이메일입니다.
위와 같이 이메일에서 요구하는 링크를 통해 해당 서비스 계정 정보를 입력할 경우 공격자에게 정보가 그대로 노출이 되도록 구성되어 있습니다.
언제나 이메일을 통한 다이렉트 링크는 믿지 마시고 반드시 수동적으로 접근하시기 바랍니다.
728x90
반응형