Article

Yahoo login credentials at risk to hijacking attack

SearchSecurity.com Staff

    Requires Free Membership to View

sign up for our free newsletter.

A new phishing attack attempts to steal Web hosting login credentials from Yahoo Inc. and other service providers.

Security researchers at Trusteer Inc. issued an advisory warning of the new phishing attack, which was detected last week. Customers who use content management systems run by Yahoo and other service providers are receiving phony emails that ask website owners to confirm their account information.

The phony emails ask for FTP account credentials and other sensitive data. Once the information is passed on to the cybercriminals, they use the stolen account data to set up fake website bank pages to steal funds.

Trusteer said in addition to FTP credentials, the email requests cPanel login information. CPanel is a popular content management system used to manage websites, including control FTP accounts. Once in control, the cybercriminals can upload content, including malicious code.

"Over the past few days, Trusteer's security monitoring service has detected a phishing email campaign targeting owners of cPanel-based sites at various hosting providers," the company said in its advisory.

Amit Klein CTO of Trusteer said cybercriminals have been using cPanel-based sites over the past several months to commit banking fraud. The cPanel and Yahoo hosted sites are smaller and get less traffic, but cybercriminals can control them for longer periods without being detected, Klein said.

"By stealing cPanel login credentials, criminals do not need to use hacking tools to upload content to a website, and therefore can avoid detection until after they have siphoned funds from consumer and business banking accounts," Klein said in a statement.

It is unclear where the phishing emails originate. The Trusteer advisory says researchers traced them back to a domain in the U.K. with an IP address that resolves in the Philippines.

In September researchers discovered attackers targeting Yahoo using automated brute force password attacks. The attackers targeted the webmail accounts of Yahoo and other services by bypassing the traditional Web login interface using automated scripts that cycle through common passwords and possible user names. The Web Application Security Consortium Distributed Open Proxy Honeypot project, maintained by researchers at Breach Security Inc., has been monitoring the attacks over the last several months.


There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: