Phishing for Web Admins

Brian Krebs at the Washington Post, in an article on his “Security Fix” blog, is reporting that a new phishing campaign seems to have been launched, aimed at the administrators of Web sites.  The goal of the Bad Guys, apparently, is to get login or FTP credentials for the sites, so that they can be hijacked and used to mount “drive-by download” attacks to distribute malware.  This seems to have become the technique du jour for distributing various types of malware.

The phishing messages that have been seen so far all have more or less the same basic message:

“Due to the system maintenance, we kindly ask you to take a few minutes to confirm your FTP details.”

There is a link which, when clicked (you do know not to do that, right?), brings the user to a malicious Web site made to look like a cPanel administration page.  When the unsuspecting user enters his login credentials, they are recorded, and he is then redirected to his legitimate Web site.

As always, be very suspicious of any unsolicited E-mail that requests any sort of personal information, even if it is purportedly from someone you do business with, such as your Web hosting company.  It is always a good idea to confirm the authenticity of any such message independently (for example, by making a phone call).
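Part of that suspicion can be automated before a message reaches an administrator's inbox. The following is an added example, not code from the original post or from the Security Fix article: it flags a message that asks for credentials or whose links lead somewhere other than the hosting provider's known login hosts. The trusted host names, the extra lure phrases and the sample message are constructed assumptions.

```python
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumptions: the trusted hosts are hypothetical; only the first lure phrase is quoted in the post.
TRUSTED_HOSTS = {"cpanel.example-hosting.test", "www.example-hosting.test"}
LURE_PHRASES = ("confirm your ftp details", "confirm your login", "verify your password")
# Constructed sample message; the lookalike host is made up.
SAMPLE = """From: support@example-hosting.test
Subject: System maintenance
Content-Type: text/html; charset=utf-8

<p>Due to the system maintenance, we kindly ask you to confirm your FTP details.</p>
<a href="http://cpanel.lookalike.test/login">https://cpanel.example-hosting.test/</a>
"""

class LinkCollector(HTMLParser):  # collects (href, visible text) for every <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def review_message(raw):
    """Return the reasons to treat a message as a credential phish."""
    msg = message_from_string(raw, policy=policy.default)
    part = msg.get_body(preferencelist=("html", "plain"))
    body = part.get_content() if part else ""
    findings = []
    if any(p in " ".join(body.lower().split()) for p in LURE_PHRASES):
        findings.append("asks for credentials")
    collector = LinkCollector()
    collector.feed(body)
    for href, text in collector.links:
        host = (urlsplit(href).hostname or "").lower()
        if host not in TRUSTED_HOSTS:
            findings.append(f"link goes to untrusted host: {host}")
        shown = (urlsplit(text).hostname or "").lower() if "://" in text else ""
        if shown and shown != host:
            findings.append(f"link text shows {shown} but href is {host}")
    return findings
```

A message that passes this check can still be fraudulent, so the independent confirmation described above remains the deciding step.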

The StopBadware.org Web site has a page of tips for keeping your site secure and free of malicious content.
