Targeted E-mails Download Trojan on PayChoice Customers’ Systems
PayChoice has stated that it is investigating a security breach in which its customers received targeted e-mails that posed as messages from the company but deceived them into downloading a malicious program. Based in Moorestown, N.J., PayChoice is a payroll processing company.
Employees received e-mails during the last week of September 2009 that instructed them to download a browser plug-in or visit websites hosted on certain Polish servers in order to keep their access to PayChoice's Onlineemployer.com portal. Users who followed the instructions downloaded malware that tried to exploit security flaws in Adobe Reader, Adobe Flash, and Internet Explorer (IE), PayChoice stated.
Meanwhile, PayChoice e-mailed its customers to inform them that the fake messages were sent through Yahoo's free web-mail. Security analysts further said that the fraudulent e-mails were addressed to specific people and contained the targeted persons' usernames, partial passwords, and login IDs, which raised the likelihood of recipients falling for the ruse.
Unlike standard 'phishing' campaigns, where scammers send messages at random in the hope that at least a small proportion of recipients use the targeted organization's services and respond, this attack used the names of PayChoice's customers inside the e-mail. Additionally, each e-mail mentioned the recipient's onlineemployer.com login details, such as the username and partial password.
As for the malware payload, the scammers used the 'Bredolab' Trojan, and researchers state that the scam was designed to capture the Internet banking details of employees who handled company funds.
Although PayChoice didn't reveal the number of people who got the e-mail, it stated that the majority of the workers it served didn't normally use the site. The payroll processing company offers payroll services and software to 125,000 organizations.
Nevertheless, security analysts stated that with attacks of this type there was a strong possibility that the maliciously crafted bogus e-mails would reach someone authorized to access his employer's business bank account. They further indicated that the detailed information in the e-mails suggested that some source had provided the internal information.
» SPAMfighter News - 21-10-2009