paypalscam
04-16-2005, 04:46 AM
DD source html this is ecactly what I uncovered:
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD><TITLE>PayPal-Log In-</TITLE>
<SCRIPT language=JavaScript1.2>
<!--
/*
Auto Maximize Window Script- By Nick Lowe (nicklowe@ukonline.co.uk)
For full source code, 100's more free DHTML scripts, and Terms Of Use
Visit http://www.dynamicdrive.com
*/
top.window.moveTo(0,0);
if (document.all) {
top.window.resizeTo(screen.availWidth,screen.availHeight);
}
else if (document.layers||document.getElementById) {
if (top.window.outerHeight<screen.availHeight||top.window.outerWidth<screen.availWidth){
top.window.outerHeight = screen.availHeight;
top.window.outerWidth = screen.availWidth;
}
}
//-->
</SCRIPT>
<META http-equiv=Content-Type
content="text/html; charset=windows-1252"><HTA:APPLICATION id=oHTA VERSION="1.0"
APPLICATIONNAME="AmPost" BORDER="thin" BORDERSTYLE="normal" CAPTION="yes"
CONTEXTMENU="no" ICON="yes" INNERBORDER="yes" MAXIMIZEBUTTON="no"
MINIMIZEBUTTON="no" NAVIGABLE="yes" SCROLL="no" SCROLLFLAT="yes" SELECTION="yes"
SHOWINTASKBAR="yes" SINGLEINSTANCE="yes" SYSMENU="yes" WINDOWSTATE="normal" />
<STYLE>BODY {
BORDER-RIGHT: medium none; BORDER-TOP: medium none; FONT-SIZE: 8pt; MARGIN: 0px; BORDER-LEFT: medium none; BORDER-BOTTOM: medium none; FONT-FAMILY: Arial; BACKGROUND-COLOR: buttonface
}
TD {
FONT-SIZE: 8pt
}
.indent {
LEFT: auto; TEXT-INDENT: 15pt; WHITE-SPACE: normal; TEXT-ALIGN: left
}
.size {
WIDTH: 100%
}
</STYLE>
<SCRIPT type=text/javascript>
<!--
<!--
var history=new Array(16);
hpos=0;
function MM_checkBrowser(NSvers,NSpass,NSnoPass,IEvers,IEpass,IEnoPass,OBpass,URL,altURL) { //v3.0
var newURL='', verStr=navigator.appVersion, app=navigator.appName, version = parseFloat(verStr);
if (app.indexOf('Netscape') != -1) {
if (version >= NSvers) {if (NSpass>0) newURL=(NSpass==1)?URL:altURL;}
else {if (NSnoPass>0) newURL=(NSnoPass==1)?URL:altURL;}
} else if (app.indexOf('Microsoft') != -1) {
if (version >= IEvers || verStr.indexOf(IEvers) != -1)
{if (IEpass>0) newURL=(IEpass==1)?URL:altURL;}
else {if (IEnoPass>0) newURL=(IEnoPass==1)?URL:altURL;}
} else if (OBpass>0) newURL=(OBpass==1)?URL:altURL;
if (newURL) { window.location=unescape(newURL); document.MM_returnValue=false; }
}
function forward()
{
frames["newFr"].location.href=history[hpos];
}
function load()
{
l=frames["newFr"].location.href;
if (l.lastIndexOf("?")==(l.length-1)) l=l.substr(0,l.length-1);
history[hpos]=l;
hpos++;
hpos%=16;
}
function MM_preloadImages() { //v3.0
var d=document; if(d.images){ if(!d.MM_p) d.MM_p=new Array();
var i,j=d.MM_p.length,a=MM_preloadImages.arguments; for(i=0; i<a.length; i++)
if (a[i].indexOf("#")!=0){ d.MM_p[j]=new Image; d.MM_p[j++].src=a[i];}}
}
function MM_swapImgRestore() { //v3.0
var i,x,a=document.MM_sr; for(i=0;a&&i<a.length&&(x=a[i])&&x.oSrc;i++) x.src=x.oSrc;
}
function MM_findObj(n, d) { //v4.01
var p,i,x; if(!d) d=document; if((p=n.indexOf("?"))>0&&parent.frames.length) {
d=parent.frames[n.substring(p+1)].document; n=n.substring(0,p);}
if(!(x=d[n])&&d.all) x=d.all[n]; for (i=0;!x&&i<d.forms.length;i++) x=d.forms[i][n];
for(i=0;!x&&d.layers&&i<d.layers.length;i++) x=MM_findObj(n,d.layers[i].document);
if(!x && d.getElementById) x=d.getElementById(n); return x;
}
function MM_swapImage() { //v3.0
var i,j=0,x,a=MM_swapImage.arguments; document.MM_sr=new Array; for(i=0;i<(a.length-2);i+=3)
if ((x=MM_findObj(a[i]))!=null){document.MM_sr[j++]=x; if(!x.oSrc) x.oSrc=x.src; x.src=a[i+2];}
}
function MM_displayStatusMsg(msgStr) { //v1.0
status=msgStr;
document.MM_returnValue = true;
}
function go()
{
a=document.all.newAddr.value;
if (a.indexOf("http://")!=0) a="http://"+a;
nav.action=a;
return true;
MM_swapImage('Image1','','go1click.gif');
MM_displayStatusMsg('Done');
}
// -->
function MM_showHideLayers() { //v3.0
var i,p,v,obj,args=MM_showHideLayers.arguments;
for (i=0; i<(args.length-2); i+=3) if ((obj=MM_findObj(args[i]))!=null) { v=args[i+2];
if (obj.style) { obj=obj.style; v=(v=='show')?'visible':(v='hide')?'hidden':v; }
obj.visibility=v; }
}
//-->
</SCRIPT>
<META content="Microsoft FrontPage 5.0" name=GENERATOR></HEAD>
<BODY onmousedown="MM_showHideLayers('pop','','hide')"
onload="MM_preloadImages('pdownclick.gif');MM_checkBrowser(4.0,1,1,4.0,0,0,1,'http://www.paypal.com','http://www.paypal.com');return document.MM_returnValue"
onunload=;><SPAN class=" indent">
<TABLE height="100%" cellSpacing=0 cellPadding=0 width="100%">
<TBODY>
<TR borderColor=#cccccc>
<TD>
<TABLE borderColor=#c0c0c0 cellSpacing=0 cellPadding=0 width="100%" border=0>
<TBODY>
<TR>
<FORM name=nav onsubmit=go(); action=about:blank method=get target=newFr>
<TD
style="PADDING-RIGHT: 1px; PADDING-LEFT: 1px; PADDING-BOTTOM: 1px; PADDING-TOP: 1px"
align=right width=3 height=22>
<P align=left><IMG height=18 src="sline.gif" width=3 align=right
border=0></P></TD>
<TD
style="BACKGROUND-POSITION: right 50%; BACKGROUND-IMAGE: url(addr.gif); BACKGROUND-REPEAT: no-repeat"
width=34 height=22>
<P> </P></TD>
<TD
style="BACKGROUND-POSITION: left 50%; BACKGROUND-IMAGE: url(ress.gif); BACKGROUND-REPEAT: no-repeat"
align=left width="81%" height=22><INPUT class=indent id=newAddr
style="BACKGROUND-POSITION: left top; FONT-SIZE: 8pt; BACKGROUND-IMAGE: url(ie2.gif); WIDTH: 100%; BACKGROUND-REPEAT: no-repeat; HEIGHT: 22px"
size=40 value=https://www.paypal.com/cgi-bin/webscr?cmd=_login-run name=no>
</TD>
<TD width=146 height=22 no-repeat? BACKGROUND-REPEAT: url(?addr.gif?);
BACKGROUND-IMAGE:><A onmousedown="MM_swapImage('Image2','','pdownclick.gif',1)"
style="CURSOR: default" onmouseout=MM_swapImgRestore()
href="primapagina.htm#"><IMG onclick="MM_showHideLayers('pop','','show')"
height=21 src="pdown.gif" width=17 border=0 name=Image2></A><A
onmousedown="MM_swapImage('Image1','','go1click.gif',1);MM_displayStatusMsg('Done');return document.MM_returnValue"
onmouseover="MM_swapImage('Image1','','go1roll.gif',1);MM_displayStatusMsg('Done');return document.MM_returnValue"
onmouseout=MM_swapImgRestore() href="file:///E:/"><INPUT id=Image1
style="CURSOR: default" onclick=go() type=image height=22 width=49 src="go1.gif"
border=0 name=image1> </A></TD></FORM></TR>
<TR>
<TD width=798 bgColor=#000000 colSpan=4><IMG height=1 src="hide.htm" width=1
border=0></TD></TR>
<TR>
<TD width=798 bgColor=#ffffff colSpan=4><IMG height=1 src="hide.htm" width=1
border=0></TD></TR></TBODY></TABLE>
<DIV id=pop
style="BORDER-RIGHT: #000000 1px; BORDER-TOP: #000000 1px; Z-INDEX: 1; LEFT: 53px; VISIBILITY: hidden; BORDER-LEFT: #000000 1px; WIDTH: 81%; BORDER-BOTTOM: #000000 1px; POSITION: absolute; HEIGHT: 50px; BACKGROUND-COLOR: #999999; layer-background-color: #999999"><TEXTAREA class=size name=textfield rows=5 wrap=VIRTUAL cols=77></TEXTAREA>
</DIV></TD></TR>
<TR height="100%">
<TD vAlign=top><IFRAME id=newFr style="WIDTH: 100%; HEIGHT: 100%" name=newFr
src="primapagina.htm" onload=load()
application="no"> </IFRAME></TD></TR></TBODY></TABLE></SPAN></BODY></HTML>
It's not Dynamic Drives fault when someone misuses good script for an illegal scheme. I got a new spoof claiming I was sucessful in adding a new e-mail address to my paypal account. After linking to their "sign-in" page a nifty pop-up appeared. It not only had a credit to Dynamic Drive but even had the name of the author of the page whose title was "Paypal SIgnin". It was very authentic but there was no "lock icon" but https came up more often than just http which is new. The link I was supposed to use is the following.
http://211.233.13.173/.ssl/paypal/secure/pl/index.htm?a%20s%20d%20h%20a%20j%20d%20h%20a%20s%20g%20d%20a%20s%20d%20fa%20s%20g%20h%20f%20g%20a%20s%20h%20d%20f%20a%20s%20d%20a%20s%20d%20a%20s%20d%20a%20s%20d %20a%20s%20d" target=_blank>https://www.paypal.com/row/wf/f=ap_email
I guess I'm frustrated since I get at least 1 spoof every day of the week.
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD><TITLE>PayPal-Log In-</TITLE>
<SCRIPT language=JavaScript1.2>
<!--
/*
Auto Maximize Window Script- By Nick Lowe (nicklowe@ukonline.co.uk)
For full source code, 100's more free DHTML scripts, and Terms Of Use
Visit http://www.dynamicdrive.com
*/
top.window.moveTo(0,0);
if (document.all) {
top.window.resizeTo(screen.availWidth,screen.availHeight);
}
else if (document.layers||document.getElementById) {
if (top.window.outerHeight<screen.availHeight||top.window.outerWidth<screen.availWidth){
top.window.outerHeight = screen.availHeight;
top.window.outerWidth = screen.availWidth;
}
}
//-->
</SCRIPT>
<META http-equiv=Content-Type
content="text/html; charset=windows-1252"><HTA:APPLICATION id=oHTA VERSION="1.0"
APPLICATIONNAME="AmPost" BORDER="thin" BORDERSTYLE="normal" CAPTION="yes"
CONTEXTMENU="no" ICON="yes" INNERBORDER="yes" MAXIMIZEBUTTON="no"
MINIMIZEBUTTON="no" NAVIGABLE="yes" SCROLL="no" SCROLLFLAT="yes" SELECTION="yes"
SHOWINTASKBAR="yes" SINGLEINSTANCE="yes" SYSMENU="yes" WINDOWSTATE="normal" />
<STYLE>BODY {
BORDER-RIGHT: medium none; BORDER-TOP: medium none; FONT-SIZE: 8pt; MARGIN: 0px; BORDER-LEFT: medium none; BORDER-BOTTOM: medium none; FONT-FAMILY: Arial; BACKGROUND-COLOR: buttonface
}
TD {
FONT-SIZE: 8pt
}
.indent {
LEFT: auto; TEXT-INDENT: 15pt; WHITE-SPACE: normal; TEXT-ALIGN: left
}
.size {
WIDTH: 100%
}
</STYLE>
<SCRIPT type=text/javascript>
<!--
<!--
var history=new Array(16);
hpos=0;
function MM_checkBrowser(NSvers,NSpass,NSnoPass,IEvers,IEpass,IEnoPass,OBpass,URL,altURL) { //v3.0
var newURL='', verStr=navigator.appVersion, app=navigator.appName, version = parseFloat(verStr);
if (app.indexOf('Netscape') != -1) {
if (version >= NSvers) {if (NSpass>0) newURL=(NSpass==1)?URL:altURL;}
else {if (NSnoPass>0) newURL=(NSnoPass==1)?URL:altURL;}
} else if (app.indexOf('Microsoft') != -1) {
if (version >= IEvers || verStr.indexOf(IEvers) != -1)
{if (IEpass>0) newURL=(IEpass==1)?URL:altURL;}
else {if (IEnoPass>0) newURL=(IEnoPass==1)?URL:altURL;}
} else if (OBpass>0) newURL=(OBpass==1)?URL:altURL;
if (newURL) { window.location=unescape(newURL); document.MM_returnValue=false; }
}
function forward()
{
frames["newFr"].location.href=history[hpos];
}
function load()
{
l=frames["newFr"].location.href;
if (l.lastIndexOf("?")==(l.length-1)) l=l.substr(0,l.length-1);
history[hpos]=l;
hpos++;
hpos%=16;
}
function MM_preloadImages() { //v3.0
var d=document; if(d.images){ if(!d.MM_p) d.MM_p=new Array();
var i,j=d.MM_p.length,a=MM_preloadImages.arguments; for(i=0; i<a.length; i++)
if (a[i].indexOf("#")!=0){ d.MM_p[j]=new Image; d.MM_p[j++].src=a[i];}}
}
function MM_swapImgRestore() { //v3.0
var i,x,a=document.MM_sr; for(i=0;a&&i<a.length&&(x=a[i])&&x.oSrc;i++) x.src=x.oSrc;
}
function MM_findObj(n, d) { //v4.01
var p,i,x; if(!d) d=document; if((p=n.indexOf("?"))>0&&parent.frames.length) {
d=parent.frames[n.substring(p+1)].document; n=n.substring(0,p);}
if(!(x=d[n])&&d.all) x=d.all[n]; for (i=0;!x&&i<d.forms.length;i++) x=d.forms[i][n];
for(i=0;!x&&d.layers&&i<d.layers.length;i++) x=MM_findObj(n,d.layers[i].document);
if(!x && d.getElementById) x=d.getElementById(n); return x;
}
function MM_swapImage() { //v3.0
var i,j=0,x,a=MM_swapImage.arguments; document.MM_sr=new Array; for(i=0;i<(a.length-2);i+=3)
if ((x=MM_findObj(a[i]))!=null){document.MM_sr[j++]=x; if(!x.oSrc) x.oSrc=x.src; x.src=a[i+2];}
}
function MM_displayStatusMsg(msgStr) { //v1.0
status=msgStr;
document.MM_returnValue = true;
}
function go()
{
a=document.all.newAddr.value;
if (a.indexOf("http://")!=0) a="http://"+a;
nav.action=a;
return true;
MM_swapImage('Image1','','go1click.gif');
MM_displayStatusMsg('Done');
}
// -->
function MM_showHideLayers() { //v3.0
var i,p,v,obj,args=MM_showHideLayers.arguments;
for (i=0; i<(args.length-2); i+=3) if ((obj=MM_findObj(args[i]))!=null) { v=args[i+2];
if (obj.style) { obj=obj.style; v=(v=='show')?'visible':(v='hide')?'hidden':v; }
obj.visibility=v; }
}
//-->
</SCRIPT>
<META content="Microsoft FrontPage 5.0" name=GENERATOR></HEAD>
<BODY onmousedown="MM_showHideLayers('pop','','hide')"
onload="MM_preloadImages('pdownclick.gif');MM_checkBrowser(4.0,1,1,4.0,0,0,1,'http://www.paypal.com','http://www.paypal.com');return document.MM_returnValue"
onunload=;><SPAN class=" indent">
<TABLE height="100%" cellSpacing=0 cellPadding=0 width="100%">
<TBODY>
<TR borderColor=#cccccc>
<TD>
<TABLE borderColor=#c0c0c0 cellSpacing=0 cellPadding=0 width="100%" border=0>
<TBODY>
<TR>
<FORM name=nav onsubmit=go(); action=about:blank method=get target=newFr>
<TD
style="PADDING-RIGHT: 1px; PADDING-LEFT: 1px; PADDING-BOTTOM: 1px; PADDING-TOP: 1px"
align=right width=3 height=22>
<P align=left><IMG height=18 src="sline.gif" width=3 align=right
border=0></P></TD>
<TD
style="BACKGROUND-POSITION: right 50%; BACKGROUND-IMAGE: url(addr.gif); BACKGROUND-REPEAT: no-repeat"
width=34 height=22>
<P> </P></TD>
<TD
style="BACKGROUND-POSITION: left 50%; BACKGROUND-IMAGE: url(ress.gif); BACKGROUND-REPEAT: no-repeat"
align=left width="81%" height=22><INPUT class=indent id=newAddr
style="BACKGROUND-POSITION: left top; FONT-SIZE: 8pt; BACKGROUND-IMAGE: url(ie2.gif); WIDTH: 100%; BACKGROUND-REPEAT: no-repeat; HEIGHT: 22px"
size=40 value=https://www.paypal.com/cgi-bin/webscr?cmd=_login-run name=no>
</TD>
<TD width=146 height=22 no-repeat? BACKGROUND-REPEAT: url(?addr.gif?);
BACKGROUND-IMAGE:><A onmousedown="MM_swapImage('Image2','','pdownclick.gif',1)"
style="CURSOR: default" onmouseout=MM_swapImgRestore()
href="primapagina.htm#"><IMG onclick="MM_showHideLayers('pop','','show')"
height=21 src="pdown.gif" width=17 border=0 name=Image2></A><A
onmousedown="MM_swapImage('Image1','','go1click.gif',1);MM_displayStatusMsg('Done');return document.MM_returnValue"
onmouseover="MM_swapImage('Image1','','go1roll.gif',1);MM_displayStatusMsg('Done');return document.MM_returnValue"
onmouseout=MM_swapImgRestore() href="file:///E:/"><INPUT id=Image1
style="CURSOR: default" onclick=go() type=image height=22 width=49 src="go1.gif"
border=0 name=image1> </A></TD></FORM></TR>
<TR>
<TD width=798 bgColor=#000000 colSpan=4><IMG height=1 src="hide.htm" width=1
border=0></TD></TR>
<TR>
<TD width=798 bgColor=#ffffff colSpan=4><IMG height=1 src="hide.htm" width=1
border=0></TD></TR></TBODY></TABLE>
<DIV id=pop
style="BORDER-RIGHT: #000000 1px; BORDER-TOP: #000000 1px; Z-INDEX: 1; LEFT: 53px; VISIBILITY: hidden; BORDER-LEFT: #000000 1px; WIDTH: 81%; BORDER-BOTTOM: #000000 1px; POSITION: absolute; HEIGHT: 50px; BACKGROUND-COLOR: #999999; layer-background-color: #999999"><TEXTAREA class=size name=textfield rows=5 wrap=VIRTUAL cols=77></TEXTAREA>
</DIV></TD></TR>
<TR height="100%">
<TD vAlign=top><IFRAME id=newFr style="WIDTH: 100%; HEIGHT: 100%" name=newFr
src="primapagina.htm" onload=load()
application="no"> </IFRAME></TD></TR></TBODY></TABLE></SPAN></BODY></HTML>
It's not Dynamic Drives fault when someone misuses good script for an illegal scheme. I got a new spoof claiming I was sucessful in adding a new e-mail address to my paypal account. After linking to their "sign-in" page a nifty pop-up appeared. It not only had a credit to Dynamic Drive but even had the name of the author of the page whose title was "Paypal SIgnin". It was very authentic but there was no "lock icon" but https came up more often than just http which is new. The link I was supposed to use is the following.
http://211.233.13.173/.ssl/paypal/secure/pl/index.htm?a%20s%20d%20h%20a%20j%20d%20h%20a%20s%20g%20d%20a%20s%20d%20fa%20s%20g%20h%20f%20g%20a%20s%20h%20d%20f%20a%20s%20d%20a%20s%20d%20a%20s%20d%20a%20s%20d %20a%20s%20d" target=_blank>https://www.paypal.com/row/wf/f=ap_email
I guess I'm frustrated since I get at least 1 spoof every day of the week.