Hackers pose as hacked software vendor to spread Zeus trojan

Hackers are sending well-crafted malicious spam to customers of software vendor MapleSoft whose details were stolen in a recent data breach.

The company, which makes modelling and educational software for engineering and other sciences, reported last week its administrative database was breached on July 17, exposing email addresses, first and last names and the name of the institution the contact was from.

Its clients include the University of New South Wales, which hosts the software at its School of Mathematics and Statistics labs.

MapleSoft said the perpetrators appeared to be using details taken from the database to encourage victims to install malware, which Symantec has confirmed as the Zbot (Zeus) trojan.

The attackers sent the vendor’s customers an email purporting to be from the “MapleSoft Security Update Team”, which advised them to immediately apply a security patch for MapleSoft's software or risk “sever system crashes and data loss”, according to one email published by Symantec.

On the day of the MapleSoft data breach, the attackers had also registered “maple-soft.com”, nearly identical to the real maplesoft.com. The fraudulent domain was included in spam that encouraged targets to click the link in the message. The linked page is used to redirect victims to a Blackhole exploit kit page.

“While we have seen plenty of database breaches in recent weeks, none have resulted in a crafted campaign such as this. This just goes to show how these types of attacks have evolved from blind phishing to more sophisticated, targeted messages. Having this type of data on-hand is like having an ace up the sleeve,” wrote Symantec security response engineer Jeet Morparia.

The attackers had initially attached the fake patch as a ZIP file but quickly changed tactics, H-Online reported.


Copyright © 2012 IDG Communications, Inc.
