[ISN] Targeted e-mails distribute malware in PayChoice breach

From: InfoSec News <alerts_at_private>
Date: Fri, 2 Oct 2009 04:37:04 -0500 (CDT)
http://news.cnet.com/8301-27080_3-10365830-245.html

By Elinor Mills
Insecurity Complex
CNet News
October 1, 2009

Payroll processor PayChoice said Thursday it is investigating a breach 
in which customers received targeted e-mails purporting to be from the 
company but were designed to trick people into downloading malware.

Workers received e-mails last week that directed them to download a 
browser plug-in or visit a Web site so they could continue accessing the 
Onlineemployer.com PayChoice portal. Malware in the download and on the 
Web site turned out to exploit holes in Internet Explorer, Adobe Flash, 
and Adobe Reader, PayChoice said.

The e-mails were targeted to individuals and included their user names, 
login IDs, and partial passwords, thus increasing the chance that 
recipients would be likely to fall for the ruse.

In a statement, PayChoice did not say how many people received the 
e-mails but said most of the employees served by PayChoice do not use 
the portal. PayChoice, based in Moorestown, N.J., provides payroll 
software and services to 125,000 businesses. 

[...]


________________________________________ 
Did a friend send you this? From now on, be the 
first to find out! Subscribe to InfoSec News 
http://www.infosecnews.org
Received on Fri Oct 02 2009 - 02:37:04 PDT

This archive was generated by hypermail 2.2.0 : Fri Oct 02 2009 - 03:05:13 PDT