
Phishing Scam Imitates cPanel, Targets Webmasters

  • By Liam Eagle, December 08, 2009

(WEB HOST INDUSTRY REVIEW) -- A report published Monday on the Register said a new phishing scam has been uncovered, targeting the webmasters of legitimate websites by posing as their hosting providers and asking for their administrator login details.

The new scam, which was reported on Saturday by security researcher Gary Warner, via a post on his blog, targets the customers of a long list of hosting providers, including some of the most widely used hosting companies – Go Daddy, Hostgator and Yahoo! among them.

Customers of these and other hosting companies, a list of more than 90 in total, have received emails that vary somewhat in content, but ultimately ask, “due to the system maintenance, we kindly ask you to take a few minutes to confirm your FTP details.”

Clicking on a link in the email takes the user to a page that imitates the appearance of the widely-used hosting control panel cPanel. Should the customer enter their information, they are then forwarded to their hosting provider’s login page.

“The goal seems to really be capturing the FTP userids and passwords of webmasters,” writes Warner. “You can imagine what sorts of badness this campaign may lead to.”

As pointed out in the Register story, an increasingly popular tactic among phishers and distributors of malware is corrupting trusted websites, often as a step in distributing the viruses that create botnets, which are then used to distribute spam.

The Register cites recently-launched security firm Dasient, a company that provides antivirus-type security scanning and repair for websites, as reporting that 640,000 websites were infected with code designed to launch malware attacks on visitors.

From the webmaster’s perspective, having a website corrupted with malware can lead to the site being added to blacklists that can be very difficult to get removed from. Those blacklists are used by Google and Firefox, as well as other tools, to warn users they may be entering unsafe websites.

Warner advises webmasters targeted by the attack to let their web hosting companies know they have been targeted. We would similarly advise web hosting companies named on Warner’s list to let customers know they might be targeted by this sort of phishing email, in much the way banks have been doing for several years.


Comment by Aaron Phillips on Tuesday, December 08, 2009

It should be noted that the domains .co.uk, .org.uk, and .me.uk have the following status:
This registration has been SUSPENDED.


Comment by Anonymous on Tuesday, December 08, 2009

I was using Lunarpages hosting. My web site was also infected: all my .html and .php pages were infected with a malware script which redirects users to a different page. I hate Lunarpages; their servers are not safe. I was hosted on the Macha server.


Comment by Anonymous on Wednesday, December 09, 2009

@Lunarpages hater:
Are you sure that's Lunarpages' fault?
From my experience, many people have a virus on their computer which reads saved passwords in the browser, including cPanel admin. Also, you may have a weak password. And there is always the possibility that you are a victim of phishing. Either of those reasons has nothing to do with Lunarpages. It is (maybe) your fault.
I host many sites on LP and have no problem at all.
I'm not saying this is true, but I cleaned up many infected sites and traced the source of infection to the user in 95% of cases.
 


Comment by Anonymous on Wednesday, December 09, 2009

P.S. sorry about typos :)


Comment by Anonymous on Wednesday, December 09, 2009

There is an awful virus that redirects when you try to hyperlink. I was able to find what I think is the original website, and I passed it on to several of the virus protection companies. They also were working with several computers that were infected. Ultimately, they took a copy of my hard drive and had me wipe everything.
In the upper corner of the address bar is an icon. This would be like the Internet Explorer e.
The infected redirect sites usually have a script 2, or you might think of it as a script Q. It is like a loopy handwritten 2. If you see this, then you are infected.
This is nobody's fault. As I said, I was working with the big wigs. This virus is a mother! I personally traced it back to its origin, at least I think I did. I provided this all to the virus protection company. They will solve this problem.


Comment by Anonymous on Wednesday, December 09, 2009

Lunarpages is very unlikely to blame. Keep your CMS updated, make sure you have set the right permissions on your folders, and backup regularly.


Comment by Anonymous on Wednesday, December 09, 2009

@Lunarpages hater:
Come on, your comment just shows you should not have a website.
Lunarpages has the most configurable security for shared hosting I ever used. I have 99.9% confidence my site will not get hacked because I could modify php.ini and .htaccess files to enhance security, preventing MySQL injections, urlfopen, ipdenying and much more...

If I ever get hacked it will be something of the sort of code I used that is not safe (which I don't think so, since I inspect and modify each file I use for security enhancements) or an admin password that gets cracked because I don't change it often enough or use too simple ones.

It's people like you that don't know what they talk about that make the internet unsafe by letting those hackers use your resources for malicious acts.

Thanks Lunarpages for such a fast, manageable, low cost server...
Hope I will be your customer next year too! (currently having money issues and payment is due. Oh no! So cheap and I can't pay it... yet)



Copyright © 2010 Web Host Industry Review. All rights reserved.