Am I Safe Identity Theft: Phishing Scam Imitates cPanel, Targets Webmasters

By Liam Eagle, December 08,

(WEB HOST INDUSTRY REVIEW) -- A report published Monday on the Register said a new phishing scam has been uncovered, targeting the webmasters of legitimate websites by appearing to be their hosting providers and asking for their administrator login details.

The new scam, which was reported on Saturday by security researcher Gary Warner, via a post on his blog, targets the customers of a long list of hosting providers, including some of the most widely used hosting companies – Go Daddy, Hostgator and Yahoo! among them.

Customers of these and other hosting companies, a list of more than 90 in total, have received emails that vary somewhat in content, but ultimately ask, “due to the system maintenance, we kindly ask you to take a few minutes to confirm your FTP details.”

Clicking on a link in the email takes the user to a page that imitates the appearance of the widely-used hosting control panel cPanel. Should the customer enter their information, they are then forwarded to their hosting provider’s login page.

“The goal seems to really be capturing the FTP userids and passwords of webmasters,” writes Werner. “You can imagine what sorts of badness this campaign may lead to.”

As pointed out in the Register story, an increasingly popular tactic among phishers, and distributers of Malware, is corrupting trusted websites, often a step in the distribution of the viruses that create botnets then used to distribute spam.

The Register cites recently-launched security firm Dasient, a company that provides antivirus-type security scanning and repair for websites, as reporting that 640,000 websites were infected with code designed to launch malware attacks on visitors.

From the webmaster’s perspective, having a website corrupted with malware can lead to a site being added on blacklists that can be very difficult to make it away from. Those blacklists are used by Google and Firefox, as well as other tools, to warn users they may be entering unsafe websites.

Werner advises webmasters targeted by the attack to let their web hosting companies know they have been targeted. We would similarly advise web hosting companies named on Werner’s list to let customers know they might be targeted by this sort of phishing email, in much the way banks have been doing for several years.

http://www.thewhir.com/web-hosting-news/120809_Phishing_Scam_Imitates_cPanel_Targets_Webmasters

Am I Safe Identity Theft

1&1 Hosting Special

About Me

Be Safe From Identity theft, You Your Family and Your Business

Blog Archive

Impersonation/Identity Fraud

"Shocking Facts Every Computer Owner Should Know"

What is Peaking In On Your PC ...

Experts warn of risks when using debit cards

Steps to Better Online Security

When You're Using A PC That Is Not Yours

Maintain your Privacy!

IP Address Lookup Tools

The Red Flags

Are you complying with the Red Flags Rule?

Security vs. PCI Compliance

Host Name Lookup

Small Firms Unprotected From Sophisticated Cyber Attack Can be Financially Devastating

insightful paper

Loot Online Bank Accounts By Cybercriminals Who Use Trojans and Money Mules

Beware the “Bahama” Botnet

White Paper

Host Name Lookup

Blogs of Interest

Look What's In The News!!

Followers

Friday, December 11, 2009

Phishing Scam Imitates cPanel, Targets Webmasters

No comments: