Be careful Ameritrade customers!
05.25.2007 - 9:59 AM
Yesterday we noticed that one of the sites our Threatseeker technology was classifying appears to be using a typo attack to infect users. The site is a typo attack on the real domain “freetrade.com”, which is owned by Ameritrade / TD and is an online brokerage site. We are not including the real domain publicly since there is a variety of exploit code on the site, but it is one character off the real site.
If the site is accessed by a vulnerable user, the user is redirected through a variety of encoded JavaScript exploit code that is included with the Web Attacker toolkit. Over the last two days the site has not had a lot of traffic, but it has successfully infected more than 200 users (see screenshot below).
The exploit code loads a Trojan horse backdoor that has password-stealing capabilities.
Web Attacker Statistics Screen on site:

Larger screenshot: http://www.websense.com/securitylabs/images/alerts/freetrade1.png
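
One way to spot this kind of typo attack from the defender's side is to flag requested hosts in proxy or DNS logs that are exactly one edit away from a protected domain. This is an added example, not code from the original post or from Websense; the log format, the `brokerage.example` domain and the function names are assumptions, and the sample log lines are constructed.

```python
WATCHLIST = ["freetrade.com", "brokerage.example"]  # second entry is constructed

# Constructed proxy log lines: "<timestamp> <client> <requested host>"
SAMPLE_LOG = """\
2007-05-24T10:01:02 10.0.0.5 freetrade.com
2007-05-24T10:01:09 10.0.0.7 brokerage.example
2007-05-24T10:02:11 10.0.0.7 brokerge.example
2007-05-24T10:03:40 10.0.0.9 www.brokearge.example
2007-05-24T10:04:05 10.0.0.4 brokerrage.example
2007-05-24T10:05:13 10.0.0.8 news.example
"""

def one_edit_apart(a, b):
    """True if a and b differ by one insert, delete, substitution or adjacent swap."""
    if a == b or abs(len(a) - len(b)) > 1:
        return False
    if len(a) > len(b):
        a, b = b, a                      # ensure len(a) <= len(b)
    i = 0
    while i < len(a) and a[i] == b[i]:
        i += 1                           # skip the common prefix
    if len(a) < len(b):
        return a[i:] == b[i + 1:]        # one character inserted or deleted
    if a[i + 1:] == b[i + 1:]:
        return True                      # one character substituted
    # Two adjacent characters swapped, rest identical
    return (i + 1 < len(a) and a[i] == b[i + 1] and a[i + 1] == b[i]
            and a[i + 2:] == b[i + 2:])

def normalize(host):
    """Lowercase, drop a trailing dot and a leading 'www.' before comparing."""
    host = host.strip().lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host

def flag_lookalikes(log_text, watchlist=WATCHLIST):
    """Return (client, host, protected_domain) for each one-edit lookalike request."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue                     # skip malformed lines
        host = normalize(parts[2])
        for protected in watchlist:
            if one_edit_apart(host, protected):
                hits.append((parts[1], host, protected))
    return hits

if __name__ == "__main__":
    for hit in flag_lookalikes(SAMPLE_LOG):
        print(hit)
```

Exact matches to a protected domain are deliberately not flagged, so legitimate traffic to the real site produces no alerts.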