Phishers angling for Web site administrators
Scam e-mail artists have launched a massive campaign to trick webmasters into giving up the credentials needed to administer their Web sites, targeting site owners at more than 90 online hosting providers. Experts say the attackers are attempting to build a distributed network of hacked sites through which to distribute their malicious software.
The spam e-mails arrive addressed to users of some of the top Web hosting firms, from hostgator.com to yahoo.com and 50webs.com, and bear the same basic message:
"Due to the system maintenance, we kindly ask you to take a few minutes to confirm your FTP details." Recipients who click the included link are brought to a Web site made to look like a cPanel page (cPanel is a widely used Web site administration software package). People who fall for the scam and provide their credentials are then forwarded on to the actual site of the Web hosting company named in the body and subject line of the scam e-mail.
According to Gary Warner, director of research in computer forensics at the University of Alabama, Birmingham, the perpetrators of this scam appear to be trying to capture the FTP user names and passwords of webmasters, in a bid to enlist the hacked sites in drive-by malware attacks.
If you administer a Web site and fell for this phishing scheme, be sure to contact your hosting provider and have them change your password. It would also be a good idea to review your Web site content for any recent unauthorized changes. Stopbadware.org has some great resources and a very active user community that can help affected Web site administrators clean and secure their pages.
December 5, 2009; 10:05 AM ET
Categories: Latest Warnings , Safety Tips
Save & Share: Previous: Apple issues security updates for Mac OS X
Next: La. firm sues Capital One after losing thousands in online bank fraud
Posted by: LiberalBasher | December 6, 2009 8:31 AM | Report abuse
Posted by: TheGeezer | December 6, 2009 12:47 PM | Report abuse
Posted by: TheGeezer | December 6, 2009 1:08 PM | Report abuse
Posted by: ummhuh1 | December 7, 2009 2:01 PM | Report abuse
Posted by: hhhobbit | December 9, 2009 11:00 AM | Report abuse
The comments to this entry are closed.