CyberInsecure.com

Daily cyber threats and internet security news: network security, online safety and latest security alerts
December 3rd, 2008

CheckFree Online Payment Site Hijacked By Criminals, Users Redirected To Rogue Server

Online payment service CheckFree lost control of at least two of its domains on Tuesday in an attack that sent customers to servers run by cybercriminals from Eastern Europe.

The Register reports that a reader received a bogus Secure Sockets Layer (SSL) certificate when he attempted to log in to his Mycheckfree.com account early Tuesday morning. On further examination, he discovered the site was mapping to 91.203.92.63. To confirm the redirection was an internet-wide problem, he checked the site using a server in another part of the US and got the same result. A commercial customer support tech was not aware of any problem.

Security experts say the 91.203.92.63 IP address has long served as a conduit for online crime. According to security researcher Paul Ferguson of anti-virus software provider Trend Micro, the IP address was recently observed handing off booby-trapped PDF files that infected those unfortunate enough to open them.

According to bfk.de, Spamhaus, and SpyNoMore, several other web addresses are also being redirected to that IP address, including phgainc.org, brachetti.com, and camouflageclothingonline.net.

It’s unclear how long checkfree.com and mycheckfree.com were redirected to the rogue servers or whether customers have been warned they may have been compromised.

It’s also unclear how the culprits managed to hijack the domains. While security experts say DNS poisoning wasn’t out of the question, the more likely explanation is malicious transfer of the domains through their registrar. Indeed, whois records for both the addresses indicate they were updated sometime Tuesday.
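The reader's checks (an unexpected certificate, the same resolution from a second vantage point) and the whois observation can be combined into a simple triage rule. The sketch below is an added example, not code from The Register or CyberInsecure; the baseline address, certificate fingerprints, dates and the one-day window are constructed assumptions.

```python
from datetime import date

# Constructed baseline: what the domain owner expects to be served.
# 192.0.2.10 (documentation range) and both fingerprints are placeholders.
BASELINE_IPS = {"192.0.2.10"}
BASELINE_CERT = "aa" * 32
ROGUE_CERT = "bb" * 32

def triage(observations, whois_updated, today, window_days=1):
    """Return (verdict, names of vantage points that saw a mismatch).

    observations: one dict per vantage point with 'name', the resolved 'ip'
    and the 'cert_sha256' presented at that address.
    """
    bad = [o["name"] for o in observations
           if o["ip"] not in BASELINE_IPS or o["cert_sha256"] != BASELINE_CERT]
    if not bad:
        return "ok", bad
    if len(bad) < len(observations):
        # Only some vantage points disagree: consistent with a poisoned
        # resolver cache rather than a change at the source of the records.
        return "suspect-cache-poisoning", bad
    # Every vantage point sees the unexpected answer. A whois record updated
    # inside the window points at the registrar, as the article suggests.
    if 0 <= (today - whois_updated).days <= window_days:
        return "suspect-registrar-change", bad
    return "global-mismatch-cause-unknown", bad

# Constructed observations modelled on the report: two US vantage points,
# both resolving to the address named in the article.
GLOBAL = [
    {"name": "home", "ip": "91.203.92.63", "cert_sha256": ROGUE_CERT},
    {"name": "remote-us", "ip": "91.203.92.63", "cert_sha256": ROGUE_CERT},
]
PARTIAL = [
    {"name": "home", "ip": "91.203.92.63", "cert_sha256": ROGUE_CERT},
    {"name": "remote-us", "ip": "192.0.2.10", "cert_sha256": BASELINE_CERT},
]

if __name__ == "__main__":
    # Dates are constructed for the example.
    print(triage(GLOBAL, date(2008, 12, 2), date(2008, 12, 2)))
    print(triage(PARTIAL, date(2008, 6, 1), date(2008, 12, 2)))
```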

Credit: The Register
