Maplesoft customers attacked
Posted on: 07/19/2012 03:58 PM
[
Comments
]
Cyber criminals have used an elaborate multi-stage concept to attack Maplesoft customers: the perpetrators accessed the software company's customer database and then asked customers to install a malicious "security patch" on behalf of the company. Those who complied proceeded to infect their systems with the Zeus trojan.
According to Maplesoft, the unknown attackers broke into the company's database last Tuesday, accessing customers' email addresses, first and last names, and organization names. On the same day, the intruders reportedly started to send out bogus emails to customers on behalf of Maplesoft. The well-written English-language emails addressing customers by their actual first names asked recipients to install an alleged security update that affects all Maplesoft products.
In some cases, the bogus patch was directly attached to the email as a password-protected ZIP archive called Maple_Patch.zip, which made it more difficult for virus scanners to detect. The archive contains a file called MapleFix.exe that appears to be a variant of the Zeus trojan. On the following day, the attackers changed their strategy and tried to lure email recipients to a web page that is thought to have contained malicious code. For this purpose, the fraudsters had registered maple-soft.com, the only difference from the software company's legitimate domain is the hyphen.
Maplesoft says that it has already closed the hole the attackers exploited to access the database, and that the affected customers have been informed. The company added that intruders were not able to access customers' payment details during the breach. Maplesoft offers products such as the Maple computer algebra system, and the MapleSim physical modeling and simulation software.
This case is an impressive example of the level of professionalism that is now being used by gangs of cyber criminals. Previously, customer data that was stolen during database hacks was mainly used when sending out arbitrary spam messages. The attack campaign after the Maplesoft hack, on the other hand, was specially tailored for the email recipients.
According to Maplesoft, the unknown attackers broke into the company's database last Tuesday, accessing customers' email addresses, first and last names, and organization names. On the same day, the intruders reportedly started to send out bogus emails to customers on behalf of Maplesoft. The well-written English-language emails addressing customers by their actual first names asked recipients to install an alleged security update that affects all Maplesoft products.
In some cases, the bogus patch was directly attached to the email as a password-protected ZIP archive called Maple_Patch.zip, which made it more difficult for virus scanners to detect. The archive contains a file called MapleFix.exe that appears to be a variant of the Zeus trojan. On the following day, the attackers changed their strategy and tried to lure email recipients to a web page that is thought to have contained malicious code. For this purpose, the fraudsters had registered maple-soft.com, the only difference from the software company's legitimate domain is the hyphen.
Maplesoft says that it has already closed the hole the attackers exploited to access the database, and that the affected customers have been informed. The company added that intruders were not able to access customers' payment details during the breach. Maplesoft offers products such as the Maple computer algebra system, and the MapleSim physical modeling and simulation software.
This case is an impressive example of the level of professionalism that is now being used by gangs of cyber criminals. Previously, customer data that was stolen during database hacks was mainly used when sending out arbitrary spam messages. The attack campaign after the Maplesoft hack, on the other hand, was specially tailored for the email recipients.
Comments
