Attack Attempts To Hijack Yahoo Hosting Customers' Websites
Trusteer discovers phishing campaign designed to steal content management login credentials
December 8, 2009
PRESS RELEASE
NEW YORK, Dec. 7, 2009 "Trusteer, the customer protection company for online businesses, today issued a security advisory that warns the customers of website hosting companies, including yahoo.com, against a new phishing attack aimed at stealing their content management system log-in credentials. The e-mails discovered by Trusteer appear to be from Yahoo.com (and other website hosting firms) and ask website owners to confirm their cPanel/FTP account information. Using this information, criminals are uploading look-alike bank website pages to steal funds.
cPanel is a very popular CMS (Content Management System), used by many leading hosting providers, including Yahoo. It is used to perform website operations, including FTP account control and setup, which can be used to upload content to the cPanel-managed web site. Over the past few days, Trusteer's security monitoring service has detected a phishing email campaign targeting owners of cPanel-based sites at various hosting providers. The attack is designed to harvest the FTP credentials of site owners, using cPanel-oriented messaging.
The full report is available at: http://www.trusteer.com/files/cPanel-FTP-Phishing-advisory.pdf.
"The ability to upload arbitrary content into relatively small and less popular sites may seem un-interesting fraud-wise," said Amit Klein CTO of Trusteer and head of the company's research organization. "However, evidence we have collected over the past few months connects cPanel-driven sites to online banking fraud. By stealing cPanel login credentials, criminals do not need to use hacking tools to upload content to a website, and therefore can avoid detection until after they have siphoned funds from consumer and business banking accounts."
About Rapport
Rapport from Trusteer is a lightweight browser plug-in plus security service that acts like a vault inside the browser and prevents redirection of user information to fraudulent websites. It protects personally identifiable information (PII) and Web pages from unauthorized access and theft while users are accessing sensitive Web sites. Trusteer also offers in-the-cloud reporting services where unauthorized access attempts detected by Rapport are analyzed by fraud experts who provide actionable intelligence to financial institutions.
About Trusteer
Trusteer enables online businesses to secure communications with their customers over the Internet and protect PII from a user's keyboard into the company's Web site. Trusteer's flagship product, Rapport, allows online banks, brokerages, healthcare providers, and retailers to protect their customers from identity theft and financial fraud. Unlike conventional approaches to Web security, Rapport protects users' PII even if their computer is infected with malware including Trojans and keyloggers, or is victimized by pharming or phishing attacks. Trusteer is a privately held corporation led by former executives from Cyota/RSA Security, Imperva, and NetScreen/Juniper. For more information visit www.trusteer.com.
You May Also Like
Beyond Spam Filters and Firewalls: Preventing Business Email Compromises in the Modern Enterprise
April 30, 2024Key Findings from the State of AppSec Report 2024
May 7, 2024Is AI Identifying Threats to Your Network?
May 14, 2024Where and Why Threat Intelligence Makes Sense for Your Enterprise Security Strategy
May 15, 2024Safeguarding Political Campaigns: Defending Against Mass Phishing Attacks
May 16, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024