Scammers take advantage of Epsilon data breach

Posted by   Virus Bulletin on   Apr 18, 2011

Trojan hidden as security tool for affected customers.

Scammers are currently taking advantage of the data breach that affected email security provider Epsilon recently, by creating a copy of Epsilon's website and claiming that people can download a 'security tool' that tells them whether they have been affected.

While far from the first time that hackers have obtained personally identifiable information, the attack on Epsilon made the headlines because of its size and the number of financial organisations affected - which raised concerns that the data could be used for targeted attacks such as spear phishing. Epsilon did not help its case by providing very little information about the attack, adding to the feeling of unease among its clients' customers.

Scammers are now playing on these concerns by creating a fake copy of the company's website, which claims to have a tool which users can download and use to determine whether their personal data has been stolen. Of course the 'tool' is, in fact, a trojan dropper, and when downloaded it infects the machine with malware.

Computer users have good reason to worry about leaked personal data, but they should not let these worries get in the way of acting responsibly when downloading files from the Internet. Companies that have been attacked by hackers have reason to worry about damage to their reputation, but they should be aware that by not being open about the attacks they can make matters worse both for themselves and for their customers.

More at Websense here.

Posted on 18 April 2011 by Virus Bulletin

twitter.png
fb.png
linkedin.png
googleplus.png
reddit.png

 

Latest posts:

WannaCry shows we need to understand why organizations don't patch

Perhaps the question we should be asking about WannaCry is not "why do so many organizations allow unpatched machines to exist on their networks?" but "why doesn't patching work reasonably well most of the time?"

Modern security software is not necessarily powerless against threats like WannaCry

The WannaCry ransomware has affected many organisations around the world, making it probably the worst and most damaging of its kind. But modern security is not necessarily powerless against such threats.

Throwback Thursday: CARO: A personal view

This week sees the 11th International CARO Workshop taking place in Krakow, Poland – a prestigious annual meeting of anti-malware and security experts. As a founding member of CARO, Fridrik Skulason was well placed, in August 1994, to shed some light…

VB2016 paper: Uncovering the secrets of malvertising

Malicious advertising, a.k.a. malvertising, has evolved tremendously over the past few years to take a central place in some of today’s largest web-based attacks. It is by far the tool of choice for attackers to reach the masses but also to target…

Throwback Thursday: Tools of the DDoS Trade

As DDoS attacks become costlier to fix and continue to increase in both number and diversity, we turn back the clock to 2000, when Aleksander Czarnowski took a look at the DDoS tools of the day.