informa
Products & Releases

Attack Attempts To Hijack Yahoo Hosting Customers' Websites

Trusteer discovers phishing campaign designed to steal content management login credentials
NEW YORK, Dec. 7, 2009 "Trusteer, the customer protection company for online businesses, today issued a security advisory that warns the customers of website hosting companies, including yahoo.com, against a new phishing attack aimed at stealing their content management system log-in credentials. The e-mails discovered by Trusteer appear to be from Yahoo.com (and other website hosting firms) and ask website owners to confirm their cPanel/FTP account information. Using this information, criminals are uploading look-alike bank website pages to steal funds.

cPanel is a very popular CMS (Content Management System), used by many leading hosting providers, including Yahoo. It is used to perform website operations, including FTP account control and setup, which can be used to upload content to the cPanel-managed web site. Over the past few days, Trusteer's security monitoring service has detected a phishing email campaign targeting owners of cPanel-based sites at various hosting providers. The attack is designed to harvest the FTP credentials of site owners, using cPanel-oriented messaging.

The full report is available at: http://www.trusteer.com/files/cPanel-FTP-Phishing-advisory.pdf.

"The ability to upload arbitrary content into relatively small and less popular sites may seem un-interesting fraud-wise," said Amit Klein CTO of Trusteer and head of the company's research organization. "However, evidence we have collected over the past few months connects cPanel-driven sites to online banking fraud. By stealing cPanel login credentials, criminals do not need to use hacking tools to upload content to a website, and therefore can avoid detection until after they have siphoned funds from consumer and business banking accounts."

About Rapport

Rapport from Trusteer is a lightweight browser plug-in plus security service that acts like a vault inside the browser and prevents redirection of user information to fraudulent websites. It protects personally identifiable information (PII) and Web pages from unauthorized access and theft while users are accessing sensitive Web sites. Trusteer also offers in-the-cloud reporting services where unauthorized access attempts detected by Rapport are analyzed by fraud experts who provide actionable intelligence to financial institutions.

About Trusteer

Trusteer enables online businesses to secure communications with their customers over the Internet and protect PII from a user's keyboard into the company's Web site. Trusteer's flagship product, Rapport, allows online banks, brokerages, healthcare providers, and retailers to protect their customers from identity theft and financial fraud. Unlike conventional approaches to Web security, Rapport protects users' PII even if their computer is infected with malware including Trojans and keyloggers, or is victimized by pharming or phishing attacks. Trusteer is a privately held corporation led by former executives from Cyota/RSA Security, Imperva, and NetScreen/Juniper. For more information visit www.trusteer.com.

Recommended Reading: