Security

German Software Maker Ashampoo Warns of Malware After Hack

A German software company known for its Windows utilities is warning customers to be on the alert for malicious e-mail messages after its servers were hacked.

Ashampoo, which also makes multimedia programs and security software, warned customers Wednesday that it had been hacked and that customers could now be sent infected emails that give criminals a way into their computers.

"We assume that the attackers were able to purloin data of customers," the company said in an e-mail message sent to customers. Billing information such as credit card numbers was not stolen, the company said, because that data is stored on another server, operated by a contractor. The company has nearly 14 million customers, but it's not immediately clear how many have had their names and e-mail addresses stolen.

On a Web page devoted to the incident, Ashampoo warned customers that the hackers may try to say them bogus online order confirmations laced with malicious attachments. "If you for example receive a confirmation of an order from PurelyGadgets or another company without having made an appropriate purchase there, please do not open the attachment and delete the e-mail immediately," Ashampoo wrote.

PurelyGadgets is a U.K.-based online retailer that said recently that scammers had been sending out fake orders, pretending that they were from the company.

It's not clear whether those e-mails were sent by the Ashampoo hackers, but that seems to be the implication. Neither Ashampoo nor PurelyGadgets could be reached immediately for comment.

Ashampoo provided two samples of the maliciously encoded Adobe PDF files that the hackers are sending. Those samples don't actually mean much, however, since the bad guys typically change their malicious files on a daily basis to evade antivirus software detection.

The type of PDF-file attack described by Ashampoo has been popular since 2007 and it is still effective, said Patrick Peterson, a Cisco security researcher. "The PDF method is tough for antivirus to detect," he said in an e-mail interview. "We will see many breaches like this for the next 12 to 18 months."

The Ashampoo breach does not appear to be connected to the recent compromise at Internet marketer Epsilon, where names and e-mail addresses were also stolen, said Neil Schwartzman, executive director of the Coalition Against Unsolicited Commercial Email.

Still, it's bad news for Ashampoo, a company that sells security software. "They got their list stolen and somebody's spamming it with some sort of malware; that's the long and short of it," Schwartzman said.

Robert McMillan covers computer security and general technology breaking news for The IDG News Service. Follow Robert on Twitter at @bobmcmillan. Robert's e-mail address is robert_mcmillan@idg.com

Subscribe to the Security Watch Newsletter

Comments