Hackers pose as hacked software vendor to spread Zeus trojan

And register a typosquatting-style lookalike of the vendor's domain as a redirect page to the Blackhole exploit kit.

Hackers are sending well-crafted malicious spam to customers of software vendor MapleSoft whose details were stolen in a recent data breach.

The company, which makes modelling and educational software for engineering and other sciences, reported last week its administrative database was breached on July 17, exposing email addresses, first and last names and the name of the institution the contact was from.

Its clients include the University of New South Wales, which hosts the software at its School of Mathematics and Statistics labs.

MapleSoft said the perpetrators appeared to be using details taken from the database to encourage victims to install malware, which Symantec has confirmed as the Zbot (Zeus) trojan.

The attackers sent the vendor’s customers an email purporting to be from the “MapleSoft Security Update Team”, which advised them to immediately apply a security patch for MapleSoft's software or risk “sever system crashes and data loss”, according to one email published by Symantec.

On the day of the MapleSoft data breach, the attackers also registered “maple-soft.com”, nearly identical to the real maplesoft.com. The fraudulent domain was included in spam that encouraged targets to click the link in the message. The page redirects victims to a Blackhole exploit kit page.

“While we have seen plenty of database breaches in recent weeks, none have resulted in a crafted campaign such as this. This just goes to show how these types of attacks have evolved from blind phishing to more sophisticated, targeted messages. Having this type of data on-hand is like having an ace up the sleeve,” wrote Symantec security response engineer, Jeet Morparia.

The attackers had initially attached the fake patch as a ZIP file but quickly changed tactics, H-Online reported.
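The lookalike domain described above differs from the real one by a single hyphen, which a mail filter can test for directly. The following Python sketch is an added example, not code from Symantec or MapleSoft: it flags link domains that collapse to a trusted domain once hyphens and digit swaps are removed, or that sit within one edit of it. The sample message, its URL paths and all function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

TRUSTED = {"maplesoft.com"}  # the real vendor domain named in the article
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

# Constructed sample message; the URL paths are invented for the example.
SAMPLE = """From: MapleSoft Security Update Team
Apply the patch now: http://www.maple-soft.com/patch
Vendor support: https://www.maplesoft.com/support
Unrelated link: https://example.org/news
"""

def registrable(host):
    """Assumption: the last two labels are the registrable domain (no public-suffix list)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def skeleton(domain):
    """Undo cheap visual tricks: inserted hyphens and digit-for-letter swaps (0->o, 1->l)."""
    name, _, tld = domain.rpartition(".")
    return name.replace("-", "").translate(str.maketrans("01", "ol")) + "." + tld

def edit_distance(a, b):
    """Levenshtein distance using two rolling rows."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(domain):
    """Return 'trusted', 'lookalike' or 'unrelated' for a registrable domain."""
    if domain in TRUSTED:
        return "trusted"
    for good in TRUSTED:
        if skeleton(domain) == skeleton(good) or edit_distance(domain, good) <= 1:
            return "lookalike"
    return "unrelated"

def scan(message):
    """Map each linked registrable domain in the message to its verdict."""
    hosts = (urlsplit(u).hostname or "" for u in URL_RE.findall(message))
    return {d: classify(d) for d in map(registrable, hosts)}

if __name__ == "__main__":
    for domain, verdict in scan(SAMPLE).items():
        print(f"{verdict:10} {domain}")
```

The one-edit threshold suits a trusted name of this length; for very short domains it will also match unrelated names, so the trusted list should stay small and specific.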

Stories by Liam Tung
