A criminal gang is using software tools normally reserved for computer network administrators to infect thousands of PCs in corporate and government networks with programs that steal passwords and other information, a security researcher has found.
[...]
Stewart, who has determined that the gang is based in Russia, was able to locate a central program controlling as many as 100,000 infected computers across the Internet. The program was running at a commercial Internet hosting computer center in Wisconsin.
[...]
The system infects PCs with a program known as Coreflood that records keystrokes and steals other information. The network of infected computers collected as much as 500 gigabytes of data in a little more than a year and sent it back to the Wisconsin computer center, Stewart said.
One of the unique aspects of the malicious software is that it captures screen information in addition to passwords, according to Mark Seiden, a veteran computer security engineer. That makes it possible for gang members to see information like bank balances without having to log in to stolen accounts.
Between this story and the one about the hackers stealing credit card info and selling it, I certainly don’t think our money or info is safe. I think I’ll starting hiding my money under a mattress, it will be much safer there where hackers can’t get their grubby hands on it.
posted August 6, 2008 at 11:10 am
This is why you don’t save passwords on your computer. It is a bit more work to type them in but it makes life a lot easier in the long run.
posted August 6, 2008 at 1:24 pm
Get a mac. I did, and I know now why they are becoming more popular all the time.
I like things that work.
posted August 6, 2008 at 4:15 pm
Well China has done this for years after effectively declaring cyber war on the US, maybe Russia will be treated with kid gloves and called a “most favored nation” by president after president and endless congresses.
Macs get hacked too, RG.
posted August 6, 2008 at 8:59 pm
This is becoming a real problem and the government is pushing financial firms to use two factor authentication. The financial firms don’t like it because of the cost and hassle to users, but it has to change. Also credit cards really need to add technology newer than a magnetic stripe and three numbers on the back. Chip and PIN is one possibility.
If they made these changes that would help reduce the value of hacking. In the mean time corporate servers are becoming high value targets. Your home PC is a lower value target but still worth breaking into.
Charles is right don’t store passwords on your machine. Even if you use a firewall and anti-malware software someone will get hit with a day zero attack. Also, don’t use library on internet cafe machines to log into any secure system.
I use Linux because it is even more malware resistant that OS X.