May 19, 2011 at 1:14 AM ET
Verizon Wireless customers who tried to pay their bills online last week may have been hit by an ingenious, almost undetectable hacker attack aimed at stealing their identities.
Consumers whose computers were infected with the SpyEye Trojan horse program would have been redirected to a Web site controlled by criminals after they logged into Verizon Wireless' website, according to Israel-based security firm Trusteer. Then they were presented with a form that appeared to be from Verizon, but tricked users into entering a detailed series of personal information, including their Social Security number and credit card information.
"The attack is transparent to Verizon customers since the malware waits for the user to log on and access their billing page, and only then injects an authentic-looking replica Web page that requests this information," said Amit Klein, Trusteer's CEO. "Since the user has logged on and has navigated to the familiar billing page they have no reason to suspect this request for payment information is fraudulent."
SpyEye is a copycat of the powerful Zeus Trojan horse that has been successfully used in massive electronic banking heists, including a series of thefts the FBI warned about recently that hit U.S. companies and sent millions of dollars to six Chinese cities.
The attacks occurred between May 7 and May 13, Trusteer said.
Verizon confirmed the attack late Wednesday night, but said it didn't impact its systems — only consumers who failed to secure their own computers were hit.
"No Verizon systems or networks were breached," said Verizon spokesman Bill Kula in an email to msnbc.com. "Customer data was protected unless their PC was not protected by anti-virus software with current definitions. We encourage all customers to use anti-virus software and keep their ant-virus definitions current."
Verizon said at least one other "major communications company" was targeted by the SpyEye attack, but declined to identify the firm.
It also noted that consumers who were infected with the Trojan horse, but didn't log in to Verizon or that other firm, were not impacted.
"(Computer criminals) typically just go after anyone they can infect," Kula said. "We have no indication it is more than this. The bogus page will only launch when they try to go to our billing site. There could be many other people infected who are not our customers, and thus will not see the bogus page launch."
Trusteer said it had reason to believe at least some consumers had fallen for the scam, but couldn't say how many.
Hackers have taken to increasingly sophisticated malicious software that lies in wait until consumers — or businesses — are particularly vulnerable, such as immediately after logging on to a financial website. It's a troubling trend, Klein said.
"While this attack is not technically new, it continues a financial malware trend we have been tracking in recent weeks: a shift away from stealing usernames and passwords to stealing payment and credit card data," he wrote in a blog post. "There's no easy answer, since most endpoints used to enter payment and credit card data are outside the control of the merchants who process the transactions."
Comments begin below. Comment anonymously by sending an e-mail to BobSullivan@feedback.msnbc.com