Researchers Hone in On 'Dropzones' for Stolen Credentials

Via DarkReading -

German researchers discovered over 300 cybercrime servers full of stolen credentials on over 170,000 people -- and it was only the tip of the iceberg, they say.

Researchers at the University of Mannheim's Laboratory for Dependable Distributed Systems were able to access nearly 100 of the so-called "dropzone" machines, and say the actual number of these servers is much more.

"With our limited amount of machines, we found more than 300 dropzones and we covered only two families of banking Trojans. In total, there are thus presumably many more," says Thorsten Holz, one of the researchers and a founder of the German Honeypot Project. The researchers were studying what they call "impersonation attacks," where a victims' credentials are stolen so that the attacker can impersonate him or her.

The researchers basically traced the steps of specific keyloggers and banking Trojans between April and October 2008. One-third of the machines infected by this data-stealing malware are in Russia or the U.S., according to the researchers. Overall, the 170,000 victims whose data they discovered in the dropzones were from 175 different countries.

They discovered a total of 10,775 bank account credentials, including passwords and bank account details that the victims would enter during a regular transaction. They also found over 5,600 credit card accounts and tens of thousands of passwords for various sites.

Holz says he and his team accessed the dropzone servers in different ways, but is unable to provide any details for fear that the attackers would use that information to further lock down their servers. They automated the entire process, using honeypots to collect samples, and a sandbox system to do the analysis and monitor the dropzone server. "Very little human interaction is necessary in the process," he says.

"I think our study is unique in a sense that we cover so many dropzones and thus get a better overview of what criminals steal from infected machines. Many dropzones are small, but if there are hundreds of them they still generate a lot of damage," Holz says.