Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Mobile Vulnerabilities

  • Zero-Day Alerts

  • Recent Posts

  • Calendar

    August 2015
    S M T W T F S
    « Jul    
  • Email Subscription

  • About Us

    Trend Micro threat analysts come across a huge number of phishing cases that feature nearly identical domain names every day. In a Web reputation manual verification exercise, analysts found that three of the most popular phishing targets to date were Chase, the Internal Revenue Service (IRS), and, just recently, Web hosting sites.

    To launch such an attack, cybercriminals use the phishing URL format cpanel.{attacked_company}.{phishingdomain}/scripts/cpanel-ftp-confirmation.php.

    In this kind of attack, the phishing URL loads a page where users are asked to enter the following information:

    • FTP hostname/address
    • FTP login
    • Password

    Once the users enter the required information, they will receive a confirmation message. They will then be redirected to the legitimate Web hosting site to fool them into thinking that they have not just been phished. Little do they know that their sites have been compromised and may be used by cybercriminals to further their own malicious causes. And worse, if they use the same login credentials (username and password) for other sites (e.g., banking and email), they may have just fallen prey to identity theft.

    Click for larger view Click for larger view

    Phishers who use this technique usually target .uk (United Kingdom) domains .be (Belgium) domains.

    Trend Micro users are protected from this threat via the Smart Protection Network, which detects and consequently blocks user access to all related phishing URLs.

    Share this article
    Get the latest on malware protection from TrendLabs
    Email this story to a friend   Technorati   NewsVine   MySpace   Google   Live   StumbleUpon


    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice