Viruslist blog reported about interesting Javascript. This script runs maximized in the browser and presents the user with a window which looks like this: As you can see, there is an Address field in the window which says “https://www.paypal.com/us”, but it is not the real browser address editbox! It’s a special field inside the Java