Updating a previous story, Paypal has found and fixed the URL which was re-directing traffic to a server in Korea, which is also in the process of shutting down that server.
Online transaction outfit, PayPal has found a phony URL on its site that was being used by fraudsters to steal credit card numbers and other personal information belonging to PayPal users. The issue was publicised by Netcraft, and PayPal swiftly fixed it. However it is unclear how many people lost personal details because of it.
The scam involved tricking users into accessing a URL hosted on the real PayPal web site. This URL used SSL to encrypt information transmitted to and from the site, and a valid 256-bit SSL certificate was presented to confirm that the site does indeed belong to PayPal. But the content on the page was been modified by the fraudsters via a cross-site scripting technique (XSS).
News source: The Inquirer