CyberInsecure.com: Daily cyber threats and internet security news alerts

December 3rd, 2008

CheckFree Online Payment Site Hijacked By Criminals, Users Redirected To Rogue Server

Online payment service CheckFree lost control of at least two of its domains on Tuesday in an attack that sent customers to servers run by cybercriminals from Eastern Europe.

The Register reports that a reader received a bogus Secure Sockets Layer (SSL) certificate when he attempted to log in to his Mycheckfree.com account early Tuesday morning. On further examination, he discovered the site was mapping to 91.203.92.63. To confirm the redirection was an internet-wide problem, he checked the site using a server in another part of the US and got the same result. A commercial customer support tech was not aware of any problem.

Security experts say the 91.203.92.63 IP address has long served as a conduit for online crime. According to security researcher Paul Ferguson of anti-virus software provider Trend Micro, the IP address was recently observed handing off booby-trapped PDF files that infected those unfortunate enough to open them. According to bfk.de, Spamhaus, and SpyNoMore, several other web addresses are also being redirected to that IP address, including phgainc.org, brachetti.com, and camouflageclothingonline.net.

It’s unclear how long checkfree.com and mycheckfree.com were redirected to the rogue servers or whether customers have been warned they may have been compromised. It’s also unclear how the culprits managed to hijack the domains. While security experts say DNS poisoning wasn’t out of the question, the more likely explanation is malicious transfer of the domains through their registrar. Indeed, whois records for both addresses indicate they were updated sometime Tuesday.
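The reasoning in the report (same wrong address from two vantage points, plus a same-day whois update, points at the registrar rather than a poisoned cache) can be written as a triage check for a domain owner's monitoring. This is an added example, not code from the article or The Register; the baseline addresses, vantage-point names, timestamps and the `triage` function are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed baseline: the addresses the domain owner expects to serve from.
# 192.0.2.0/24 is documentation space, not CheckFree's real address range.
EXPECTED = {"mycheckfree.com": {"192.0.2.10", "192.0.2.11"}}

# Constructed observations: A records seen from two independent vantage points,
# both returning the rogue address named in the article.
SAMPLE_OBS = {
    "resolver-east": {"91.203.92.63"},
    "resolver-west": {"91.203.92.63"},
}
# The article says whois showed an update "sometime Tuesday"; times are constructed.
WHOIS_UPDATED = datetime(2008, 12, 2, 3, 0)
NOW = datetime(2008, 12, 2, 9, 0)


def triage(domain, observations, whois_updated, now,
           expected=EXPECTED, recent=timedelta(days=2)):
    """Classify a resolution anomaly; returns (verdict, unexpected_by_vantage).

    Verdicts are heuristics for where to look first, not proof:
      ok                  - every vantage point returned only expected addresses
      resolver-local      - only some vantage points are wrong (poisoned cache,
                            local tampering)
      registrar-level     - all vantage points wrong and the registration record
                            changed recently
      authoritative-level - all vantage points wrong, registration unchanged
    """
    good = expected[domain]
    # Keep only the vantage points that returned an address outside the baseline.
    bad = {vp: ips - good for vp, ips in observations.items() if ips - good}
    if not bad:
        return "ok", bad
    if len(bad) < len(observations):
        return "resolver-local", bad
    if whois_updated is not None and timedelta(0) <= now - whois_updated <= recent:
        return "registrar-level", bad
    return "authoritative-level", bad


if __name__ == "__main__":
    print(triage("mycheckfree.com", SAMPLE_OBS, WHOIS_UPDATED, NOW))
```

In a real deployment the observations would come from the operator's own probes in different networks, and the whois timestamp from the registrar's record for the domain.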
Credit: The Register

This entry was posted on Wednesday, December 3rd, 2008 at 12:15 pm and is filed under Breaches And Incidents, Data Theft, Hacked.