Wednesday, July 2, 2008

SecureWorks Finds Massive Cache of Stolen Data

Via DarkReading.com -

SecureWorks announced today that its Director of Malware Research, Joe Stewart, has uncovered one of the largest caches of stolen data ever reported, if not the largest.

The scheme involves thousands of employees at hundreds of organizations worldwide whose machines have been infected with the bank- and information-stealing trojan Coreflood, also known as AFcore. SecureWorks already had countermeasures in place to protect its clients against Coreflood and its variants, and it notified research partners, anti-virus vendors and law enforcement immediately upon discovering the cache.

What makes this operation unusual is that it has flown under the radar for years, and that the group behind it has been able to infect hundreds of employees within a single organization by riding on network administrator privileges. The attackers infect one employee's workstation and then lie in wait for a network administrator to log on to that infected machine. Once the administrator logs on, the trojan is run under the administrator's credentials and is pushed to every other workstation those credentials have privileges on.
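The pattern described above, a privileged account logging on interactively to an ordinary workstation where malware can wait for it, is something defenders can look for in their own logon records. The following is an added example, not code from the article, SecureWorks or the Coreflood authors: it parses constructed logon records in a Windows-4624-like shape (timestamp, account, host, logon type), flags credential-exposing logons (assumed here to be interactive type 2 and remote-interactive type 10) by designated admin accounts onto hosts whose names follow an assumed `WS-` workstation prefix, and reports, per admin account, the set of workstations on which that account's credentials have been exposed. The account names, host names, prefix and log layout are all assumptions for illustration.

```python
"""Flag privileged interactive logons to workstations.

Added example, not from the DarkReading/SecureWorks article. The record
format, account names, host names and the WS-/SRV- naming split are all
constructed for illustration.
"""
from collections import defaultdict
from dataclasses import dataclass

# Assumption: these logon types (in the style of Windows event 4624) leave
# reusable credentials on the target host; a network logon (type 3) does not.
CREDENTIAL_EXPOSING_LOGON_TYPES = {2, 10}   # 2 = interactive, 10 = RDP

# Assumed privileged accounts (would come from AD group membership in practice).
ADMIN_ACCOUNTS = {"helpdesk-admin", "da-bob"}

# Constructed sample log: ts,account,host,logon_type
SAMPLE_LOG = """\
# constructed sample, not real data
2008-07-01T08:02:11,jsmith,WS-1043,2
2008-07-01T08:15:40,helpdesk-admin,WS-1043,10
2008-07-01T08:40:02,helpdesk-admin,SRV-FILE01,3
2008-07-01T09:05:19,helpdesk-admin,WS-2210,2
2008-07-01T09:30:00,mlee,WS-2210,2
2008-07-01T10:12:45,da-bob,WS-0077,10
2008-07-01T10:50:13,da-bob,SRV-DC01,10
"""


@dataclass(frozen=True)
class Logon:
    ts: str
    account: str
    host: str
    logon_type: int


def parse_logons(lines):
    """Parse comma-separated records; blank lines and '#' comments are skipped."""
    logons = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, account, host, ltype = [p.strip() for p in line.split(",")]
        logons.append(Logon(ts, account, host, int(ltype)))
    return logons


def risky_admin_logons(logons, admin_accounts, workstation_prefix="WS-"):
    """Admin logons that put admin credentials on a workstation.

    A workstation is assumed to be any host whose name starts with
    workstation_prefix; servers (SRV-...) are deliberately left out because
    admins are expected to log on to those.
    """
    admins = {a.lower() for a in admin_accounts}
    return [
        l for l in logons
        if l.account.lower() in admins
        and l.logon_type in CREDENTIAL_EXPOSING_LOGON_TYPES
        and l.host.upper().startswith(workstation_prefix)
    ]


def credential_exposure(logons, admin_accounts, workstation_prefix="WS-"):
    """Map each admin account to the workstations where its credentials were
    exposed. Malware on any one of those hosts, as in the Coreflood case,
    gets to act as that account."""
    exposure = defaultdict(set)
    for l in risky_admin_logons(logons, admin_accounts, workstation_prefix):
        exposure[l.account.lower()].add(l.host.upper())
    return {acct: sorted(hosts) for acct, hosts in exposure.items()}


if __name__ == "__main__":
    records = parse_logons(SAMPLE_LOG.splitlines())
    for l in risky_admin_logons(records, ADMIN_ACCOUNTS):
        print(f"{l.ts} admin {l.account} logged on to workstation {l.host} "
              f"(type {l.logon_type})")
    for acct, hosts in credential_exposure(records, ADMIN_ACCOUNTS).items():
        print(f"{acct}: credentials exposed on {', '.join(hosts)}")
```

On real data the same check is usually run against event 4624 from workstations, with the admin set taken from the Domain Admins and local Administrators groups; the fix the finding points at is to keep those accounts off workstations altogether (separate admin tiers, or at least no interactive admin logons to user machines), because an alert fires only after the credentials have already been exposed.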

The trojan not only captures usernames and passwords, but also grabs the text content of the page at the same time. This lets the criminal find credentials he or she might not otherwise have recognized as valuable, and gives a quick way to gauge the value of a credential, for instance by showing the bank account balance of the infected user. Not having to log in to each account to check its balance is a huge time saver for a criminal. Although it would take a great deal of time to work out exactly how much money the Coreflood group has illicit access to, based on the numbers seen in the database it is easily in the millions of dollars.
