Stanford University Site Hosted Phishing Pages for Months
Hackers compromised the website of the Paul F. Glenn Center for the Biology of Aging at Stanford University to deploy phishing sites, hacking tools, and defacement pages since January, Netcraft has discovered.
The website was compromised on Jan. 31, and multiple hackers exploited security gaps to deploy their malicious pages over the next several months. During the initial compromise, the hacker placed a rudimentary PHP web shell named wp_conffig.php into the top-level directory of the website, and the naming scheme allowed the shell to remain accessible for four months.
The anonymously accessible web shell on the server allowed for further compromise although the Stanford site was updated to the latest release of WordPress (4.7.5) on 20 April 2017. Thus, a second web shell was deployed on the server by May 14, Netcraft reports. However, the server didn’t run the latest version of PHP.
The second shell was based on the WSO (Web Shell by Orb) script, “which displays directory listings and offers several other hacking tools that can be used to crack passwords and gain access to databases,” Netcraft explains. In an attempt to make the shell difficult to spot, the actor named it config.php.
Six minutes later, an HTML file named Alarg53.html that only displayed the message “Hacked by Alarg53” was also uploaded on the server. Similar defacement pages can be found on dozens of other websites, and the security researchers suggest that “the hacker is well versed at using web shells to compromise websites.”
On May 15, another hacker took advantage of the compromise to deploy a Chinese HiNet phishing site on the server, to steal webmail credentials from customers of the Chunghwa Telecom internet service. On May 21, a hacker uploaded a defacement page called TFS.html, and another HiNet phishing site was deployed later the same day.
On May 23, two archives were uploaded to the server and were extracted to multiple locations to create several phishing sites targeting users of Office365 and LinkedIn. The next day an archive containing a generic phishing kit to steal a victim's email address and password was uploaded to the server.
Dubbed ileowosun.zip, a phishing kit uploaded on May 27 was targeting SunTrust Bank users with a fraudulent login form. Each of the kits used a different set of email addresses to collect the stolen credentials, and the security researchers suggest different actors were behind each of them.
Two of the phishing kits were removed from the server on May 29, along with the directories they were unzipped into, and Netcraft believed a rival hacker did this, considering that no other phishing kit or hacking tool was removed. A second SunTrust phishing kit was uploaded the same day.
“A single Stanford University website has ended up hosting several hacking tools that have likely been used by multiple hackers to deploy a similar number of phishing sites onto the server. Failing to notice and remove the hacking tools could well have compounded the problem by facilitating the more recent compromises,” Netcraft concludes.
Has anyone else received a letter in the mail from Sun Trust Inc?
RE: AWARD NOTIFICATION #SMD986UYT
Now, we would like to explain to you the Federal and International regulations governing the personal collections of cash prizes. Prize winnings are released to you as soon as your Clearance Fee is deducted and paid. That will be the day that your cheque will be released from our remittance office. Your clearance fee is provided for you and is a calculated amount based on the size of your win as required by Federal and International regulations. Note that once your clearance fee is paid, you will receive your winnings in the form of a certified check or if you request, by bank transfer directly into your bank account or any accounted nominated by you.
Suntrust Online Banking | Sign in Suntrust Online
Suntrust online banking is a new way of paying bills, getting statements and making money transfers. In the new era of communication suntrust login is a most convenient way to manage your finances. Suntrust offers you wide variety of solutions which type depend upon you’re the style of your life.
The first step to open yourself the opportunities that are aimed to change the way of conducting your bank account is suntrust login making. To start this procedure you need to go to official suntrust.com website. Always check the address of the website you are accessing because it can be the fake page made for phising.
Screenshot of Suntrust website www.suntrust.com
Soon after you have entered the website you will find the standard registration form there you will be asked to enter your user ID and password.
You can tick “remember User ID” and then every time you will go to suntrust.com website you User ID bar will be already filled.
If you don’t have an User ID for Suntrust banking online you can’t sign in suntrust online. To receive your own personal Suntrust login you need to go to the nearest Suntrust banking office with your passport or credit card to get it from the manager. It is a common way of registration for banks because it helps to save privacy from fraud and other deceptions, because during the internet registration some of the sensitive iformation (such as usernames and paswords may be stolen).
So as you can see Suntrust sign in procedure is rather simple. Operations with checks and credit card have become less time-consuming without leaving the comfort of your house. It means that now you can spend your time without standing in lines waiting for simple operations or papers. It is a chance for you to spend it with your family or for another purpose that gives more pleasure.
suntrust phishing email
We have many A-Z keywords for this term. We offer them for FREE unlike many other keyword services, however we do require that you are a registered member to view them all so that the costs will remain lower for Us.
These are some keyword suggestions for the term "Suntrust".
These are the linked keywords we found.
Gallery images and information: Suntrust
3538 x 2484 jpeg 6169kB
333 x 500 jpeg 247kB
640 x 434 jpeg 20kB
1000 x 480 jpeg 393kB
5331 x 3544 jpeg 2208kB
1240 x 698 jpeg 1046kB
1200 x 700 jpeg 190kB
400 x 275 jpeg 25kB
620 x 454 jpeg 191kB
600 x 800 jpeg 133kB
361 x 367 jpeg 39kB
1590 x 1000 jpeg 515kB
2048 x 1737 jpeg 1032kB
800 x 598 jpeg 436kB
842 x 738 jpeg 223kB
1920 x 1080 jpeg 657kB
571 x 800 jpeg 138kB
2272 x 1704 jpeg 776kB
1300 x 1281 jpeg 366kB
"SunTrust Advisors" may be officers and/or associated persons of the following affiliates of SunTrust Banks, Inc.: SunTrust Bank, our commercial bank, which provides banking, trust and asset management services; SunTrust Investment Services, Inc., a registered broker-dealer, which is a member of FINRA and SIPC , and a licensed insurance agency, and which provides securities, annuities and life insurance products; SunTrust Advisory Services, Inc., a SEC registered investment adviser which provides Investment Advisory services.