copied from
www.isc.sans.org, this might affect quite a few people if you're not VERY careful indeed. It's worrying that Paypal may have been severely compromised!!!!
Pay Pal Phlaw?
We've recieved a report of a potential flaw in the PayPal website that is being used to steal credit card and other personal information from PayPal users.
The scam works by tricking users into accessing a URL hosted on the genuine PayPal web site. The URL uses SSL to encrypt information transmitted to and from the site, and a valid 256-bit SSL certificate is presented to confirm that the site does indeed belong to PayPal.
When the victim visits the page, they are presented with a message that has been 'injected' onto the genuine PayPal site that says, "Your account is currently disabled because we think it has been accessed by a third party. You will now be redirected to Resolution Center." After a short pause, the victim is then redirected to an external server, (apparently somewhere in Korean IP space) which presents a very convincing fake PayPal Member log-In page.
Logging in sends the PayPal username and password to the bad guys and causes another page asking for more information (social security number, credit card number ...) to remove the limits on the access of thier account.
More to come as we confirm information.