Blog Hacked, Phishing Attack Ensues

Friday, April 19, 2013 @ 03:04 PM gHale

Cyber criminals hacked into the official UGG blog and they’re using it to host a malicious file that’s part of an HSBC phishing scam, researchers said.

The goal of the phishing scam is to harvest the personal and financial details of users.

Phishing Hole: Execs Names Pilfered
Malware Attacks Hit Constantly
Spear Phishing: Energy Sector Targeted
Malware Hits Apache Servers

The attack starts with an email that comes with an HTML file attached to it. When executed, the HTML file opens a webpage that replicates the official HSBC website, Netcraft researchers said.

Here, victims end up asked to submit information. The submitted data ends up harvested by a PHP script stored in the UGG blog’s stylesheet directory.

In the final phase, victims then end up redirected to the legitimate HSBC website to make everything more legitimate-looking.

The UGG blog (, hosted by Media Temple, is a WordPress site, which means there might be a connection between this scheme and the recent brute-force attacks utilized to hijack WordPress websites.

Leave a Reply

You must be logged in to post a comment.