Attackers used an elaborate multi-stage scheme to hit Maplesoft customers: they first gained access to the software company’s customer database, then contacted customers on behalf of the company and asked them to install a malicious “security patch.”
What came right after that “patch” was the Zeus Trojan.
The attackers broke into the company’s database last Tuesday, accessing customers’ email addresses, first and last names, and organization names, according to Maplesoft. On the same day, the intruders sent out bogus emails to customers on behalf of Maplesoft. The well-written emails, which addressed customers by their actual first names, asked recipients to install a security update that affects all Maplesoft products.
In some cases, the bogus patch came directly attached to the email as a password-protected ZIP archive called Maple_Patch.zip, which made it more difficult for virus scanners to detect.
The archive contains a file called MapleFix.exe that appears to be a variant of the Zeus Trojan. On the following day, the attackers changed their strategy and tried to lure email recipients to a web page that contained malicious code.
For this purpose, the attackers registered maple-soft.com, which differs from the software company’s legitimate domain only by the hyphen.
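As an added illustration (not part of the original report and not Maplesoft's code), the following Python example shows how a mail filter could flag both lures described above: a ZIP attachment whose entries are marked encrypted, and a link to a domain that matches the trusted one once hyphens are removed. The function names, the trusted-domain list and the sample message are assumptions constructed for this example.

```python
import io
import re
import zipfile
from email import message_from_bytes
from email.message import EmailMessage

TRUSTED = {"maplesoft.com"}  # legitimate vendor domain named in the article
URL_HOST = re.compile(r"https?://([^/\s:]+)", re.I)

def is_lookalike(host):
    """Untrusted host that equals a trusted domain once hyphens are removed."""
    host = host.lower().rstrip(".")
    squashed = {t.replace("-", "") for t in TRUSTED}
    return host not in TRUSTED and host.replace("-", "") in squashed

def zip_is_encrypted(data):
    """True if any ZIP entry has general-purpose flag bit 0 (encrypted) set."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(info.flag_bits & 0x1 for info in zf.infolist())
    except zipfile.BadZipFile:
        return False

def triage(raw):
    """Return (finding, detail) tuples for one raw RFC 5322 message (bytes)."""
    findings = []
    for part in message_from_bytes(raw).walk():
        if part.is_multipart():
            continue
        body = part.get_payload(decode=True) or b""
        name = part.get_filename() or ""
        if name.lower().endswith(".zip") and zip_is_encrypted(body):
            findings.append(("encrypted-zip", name))
        elif part.get_content_maintype() == "text":
            for host in URL_HOST.findall(body.decode("utf-8", "replace")):
                if is_lookalike(host):
                    findings.append(("lookalike-url", host.lower()))
    return findings

def constructed_sample():
    """Build a harmless test message; every value in it is constructed."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("MapleFix.exe", b"placeholder bytes, not a program")
    raw = bytearray(buf.getvalue())
    # Set the encrypted flag in the central directory header of the one entry.
    raw[raw.rfind(b"PK\x01\x02") + 8] |= 0x01
    msg = EmailMessage()
    msg.set_content("Install the patch: http://maple-soft.com/update")
    msg.add_attachment(bytes(raw), maintype="application", subtype="zip", filename="Maple_Patch.zip")
    return bytes(msg)
```

An encrypted archive cannot be scanned for content, so the flag itself is the signal: quarantining such attachments for review is a policy decision rather than a malware verdict.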
Maplesoft said it has already closed the hole the attackers exploited to access the database, and the affected customers have been informed. The company added that the intruders were not able to access customers’ payment details during the breach. Maplesoft offers products such as the Maple computer algebra system and the MapleSim physical modeling and simulation software.
This is just one case showing the increased level of sophistication involved in a targeted attack.