Bill Pay Web Site Hijacked

by MikeM on December 29, 2008

So you think you have security concerns and problems with your home network and computers? On December 2, 2008, the online bill pay company CheckFree had its web site hijacked and redirected to a look-alike site in Ukraine that was attempting to infect visitors with malicious software. The hijacking lasted over nine hours before the non-CheckFree site was shut down.

According to the Washington Post, “Online bill pay giant said the hijacking of its Web site this month affected an estimated 160,000 people, a disclosure that offers the most detailed account yet of the true size and scope of a brazen type of attack that experts say may become more common in 2009.”

The Post continued, “In a filing with Wisconsin’s Office of Privacy Protection, CheckFree said at least 160,000 people may have visited the site during the nine-hour period it was hijacked, which had redirected visitors to a site in Ukraine. An analysis of that Ukrainian site indicated that it was trying to exploit known security flaws in Adobe Acrobat and Adobe Reader, in an attempt to install a variant of the Gozi Trojan, which is among the most sophisticated password-stealing programs in use today.”

Hijacking Details

The PC World web site provided additional details: “The site was redirected at around 12:30 a.m. Eastern Time on December 2, after someone logged into CheckFree’s Network Solutions account and changed the domain’s DNS settings, said Susan Wade, a Network Solutions spokeswoman. By changing the domain’s DNS settings, the criminals were able to redirect Internet traffic to their own server.”

According to CheckFree, “During the incident, users would have seen a blank page if they were redirected to the non-CheckFree site. Those with up-to-date security software would likely have received a message indicating a malware download attempt had occurred. If the user’s anti-virus software was out of date or they did not have anti-virus software installed, they may have been subject to a malware software download. The attack targeted flaws in Adobe Acrobat and Adobe Reader.”

CheckFree is advising its customers to download antivirus software and the latest updates to Adobe Reader, used to view PDF files.

Not the Only Hijacked Site

It appears that CheckFree was not alone. In a follow-up article, the Washington Post explained, “ was not the only site that the attackers hijacked and redirected back to the Ukrainian server. Tacoma, Wash., based anti-phishing company Internet Identity found at least 71 other domains pointing to the same Ukrainian address during that same time period.”

According to PC World, “This isn’t the first time Network Solutions’ account credentials have been used to seize control of a Web site. In May, hackers used a similar technique to knock off-line for several hours.”
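A defender's view of the pattern described above, as an added example that is not part of the original post: compare DNS answers against a known-good baseline and flag monitored domains that start resolving to the same unexpected address. All domains, addresses and timestamps are constructed placeholders, and the function names are hypothetical.

```python
from collections import defaultdict

# Constructed baseline: A records each monitored domain should resolve to.
BASELINE = {
    "billpay.example": {"192.0.2.10"},
    "shop.example": {"198.51.100.20"},
    "mail.example": {"198.51.100.30"},
    "blog.example": {"198.51.100.40"},
}

# Constructed resolver observations: (UTC time, domain, A record returned).
OBSERVATIONS = [
    ("2024-01-01T05:20Z", "billpay.example", "192.0.2.10"),
    ("2024-01-01T05:35Z", "billpay.example", "203.0.113.99"),
    ("2024-01-01T05:40Z", "shop.example", "203.0.113.99"),
    ("2024-01-01T05:45Z", "mail.example", "198.51.100.30"),
    ("2024-01-01T06:10Z", "blog.example", "203.0.113.77"),
    ("2024-01-01T09:00Z", "billpay.example", "203.0.113.99"),
    ("2024-01-01T14:50Z", "billpay.example", "192.0.2.10"),
]


def find_drift(baseline, observations):
    """Return one record per (domain, unexpected IP) with first/last sighting."""
    drift = {}
    for seen_at, domain, ip in sorted(observations):
        expected = baseline.get(domain)
        if expected is None or ip in expected:
            continue  # unmonitored domain, or answer matches the baseline
        rec = drift.setdefault((domain, ip), {"first_seen": seen_at})
        rec["last_seen"] = seen_at
    return drift


def shared_destinations(drift, min_domains=2):
    """Group drifted domains by the address they now point to."""
    by_ip = defaultdict(set)
    for domain, ip in drift:
        by_ip[ip].add(domain)
    return {ip: sorted(d) for ip, d in by_ip.items() if len(d) >= min_domains}


if __name__ == "__main__":
    drift = find_drift(BASELINE, OBSERVATIONS)
    for (domain, ip), rec in sorted(drift.items()):
        print(f"{domain} -> {ip} from {rec['first_seen']} to {rec['last_seen']}")
    print("shared unexpected destinations:", shared_destinations(drift))
```

Several unrelated domains drifting to one address at the same time points to a compromise at the registrar or DNS level rather than a change made by any single site owner.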

Computer Security – Keeping Software Updated

These serious breaches seemed to fly under the radar of most news outlets, perhaps due to the holiday season. On a somewhat ominous note, security experts indicate that these types of criminal attacks may become more prevalent in the future. This is yet another warning to keep your Internet security software (including firewall and intrusion protection functionality), as well as other software such as Adobe Acrobat and Adobe Reader, Microsoft Windows and Microsoft Office, up to date.

