Hackers Break IT Website to Steal E-mail Passwords via Copy for Payment Scam

Bianca STANESCU

August 22, 2013


Users are targeted once again by scammers, who launched a new spam campaign to steal their e-mail passwords. This time, cyber-crime groups broke into a legitimate software solutions website to spread phishing and adware. The same domain is also hosting Trojans for further attacks.

“Our continuing effort to discover and increase knowledge & understanding through disciplined research enables us to deliver quality products,” the India-based software solutions company advertised on its website. That wasn’t a huge deterrent for scammers, who managed to hack the web page, embed malware and dump a phishing folder in the script. After preparing the baits, cyber-criminals started to spread the phishing-related URLs in a spam campaign.

“Please Confirm Attached Payment Copy To Your Account,” the e-mail reads. “Dear Sir, please find TT copy for payment to your Account. Please Confirm receipt.”

The compromised domain also contains two encrypted JavaScript scripts injected into the WordPress page. Detected by Bitdefender antivirus as Trojan.Iframe.RW and Trojan.JS.QJD, both inject iframes into the website and redirect users to adware.

Though the sender is made to look like UK financial group HSBC, mainly to target British users, the spam is sent worldwide and even uses US dollars as the currency on the phishing page.

The bogus OnlineTTcopy attachment redirects to a phishing website that uses the images and login script of http://webmail.tr[REMOVED]ge.co.za/ to verify how many users have been duped into giving away their e-mail credentials. JavaScript Trojans are mainly embedded in legitimate but poorly crafted websites. Trojan.Iframe may be injected into a legitimate web page to download further malware and to be used for future cyber-attacks.
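A site owner can check served pages for the two kinds of injection described above: inline scripts that unpack themselves and hidden frames pointing off-site. The following is an added example, not Bitdefender's detection logic or code from the compromised site; the marker lists, the `scan` helper, the host names and the sample page are constructed assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse
# Heuristic markers of packed inline scripts and of visually hidden frames (assumed lists).
OBFUSCATION = re.compile(r"eval\s*\(|unescape\s*\(|String\.fromCharCode|document\.write\s*\(", re.I)
HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)

class InjectionScanner(HTMLParser):
    """Flags hidden off-site iframes and inline scripts with several obfuscation markers."""
    def __init__(self, site_host):
        super().__init__()
        self.site_host, self.findings = site_host.lower(), []
        self._in_script, self._script = False, []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "script" and not a.get("src"):
            self._in_script, self._script = True, []
        elif tag == "iframe":
            host = (urlparse(a.get("src", "")).hostname or "").lower()
            tiny = a.get("width", "").strip() in {"0", "1"} or a.get("height", "").strip() in {"0", "1"}
            hidden = tiny or bool(HIDDEN_STYLE.search(a.get("style", "")))
            if host and host != self.site_host and hidden:
                self.findings.append(("hidden-offsite-iframe", host))

    def handle_data(self, data):
        if self._in_script:
            self._script.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._in_script:
            self._in_script = False
            body = "".join(self._script)
            hits = sorted({m.group(0).split("(")[0].strip().lower() for m in OBFUSCATION.finditer(body)})
            if len(hits) >= 2:  # one marker alone is common in legitimate code
                self.findings.append(("obfuscated-inline-script", ",".join(hits)))

def scan(html, site_host):
    scanner = InjectionScanner(site_host)
    scanner.feed(html)
    scanner.close()
    return scanner.findings

# Constructed sample page: one packed inline script, one 1x1 off-site frame, two benign elements.
SAMPLE = """<html><body><h1>Products</h1>
<script>document.write(unescape('%3Cp%3Ehello%3C%2Fp%3E'));</script>
<iframe src="http://ads.example.net/x" width="1" height="1"></iframe>
<iframe src="/map.html" width="600" height="400"></iframe>
<script>console.log('menu ready');</script></body></html>"""
```

Calling `scan(SAMPLE, "www.example.org")` returns one finding per suspicious element; findings are leads for manual review of the page source, not verdicts.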

This article is based on the technical information provided courtesy of Doina COSOVAN, Bitdefender Virus Analyst.

All product and company names mentioned herein are for identification purposes only and are the property of, and may be trademarks of, their respective owners.

Author


Bianca STANESCU

Bianca Stanescu, the fiercest warrior princess in the Bitdefender news palace, is a down-to-earth journalist, who's always on to a cybertrendy story.
