According to an internet security firm, Electronic Arts Games company web server has been compromised by hackers, they are placed form for asks users to enter their Apple IDs the credentials needed to access services like Apple's iTunes.Hacker @DerpTrolling to claimed and responsibility for the outages, he was confirmed via their twitter account while also suggesting that it was a distributed denial of service attack which caused the problems.
The compromised server is used by two websites in the ea.com domain, and is ordinarily used to host a calendar based on WebCalendar 1.2.0. This version was released in September 2008 and contains several security vulnerabilities which have been addressed in subsequent releases.
A vulnerability which allows an unauthenticated attacker to modify settings and possibly execute arbitrary code. It is likely that one of these vulnerabilities was used to compromise the server, as the phishing content is located in the same directory as the WebCalendar application.
EA's servers came under attack earlier this year under a separate attack targeting users of its Origin distribution software, the security company noted.
According to Net Craft, the phishing site attempts to trick a victim into submitting his Apple ID and password. It then presents a second form which asks the victim to verify his full name, card number, expiration date, verification code, date of birth, phone number, mother's maiden name, plus other details that would be useful to a fraudster.
Compromised internet-visible servers are often used as "stepping stones" to attack internal servers and access data which would otherwise be invisible to the internet, although there is no obvious outward facing evidence to suggest that this has happened.
In this case, the hacker has managed to install and execute arbitrary PHP scripts on the EA server, so it is likely that he can at least also view the contents of the calendar and some of the source code and other data present on the server.
The mere presence of old software can often provide sufficient incentive for a hacker to target one system over another, and to spend more time looking for additional vulnerabilities or trying to probe deeper into the internal network.
As well as hosting phishing sites, EA Games is also the target of phishing attacks which try to steal credentials from users of its Origin digital distribution platform.
Author Venkatesh Yalagandula Follow us Google + and Facebook and Twitter
No comments:
Post a Comment