Thursday, September 14, 2006

Honeyblog: Haxdoor Reaps 39K Victims in 9 Days (For Starters)

Thorsten Holz writes on Honeyblog:

Recently there was a malware incident within the network of my old university in Aachen: Blast-o-Mat, a custom IDS system, picked up an infected machine and redirected it to a quarantine webserver. This way, the user is instantly notified that something went wrong and he can download patches and AV engines at that web site. A closer examination revealed that the infected machine also made some strange web requests. It tried to post data to a PHP script located at a remote server.

It turned out that this machine was infected with Haxdoor, one of the most advanced Trojans out there nowadays. Haxdoor (AKA Goldun) is - among other things - capable of collecting private data like username/password combinations entered within Internet Explorer and also has some rootkit capabilities.


During further investigation, several log files which contained all information stolen from all infected machines could be found. In total, these log files contained more than 6.6 million entries, an equivalent of 285 MB of data. This data was stolen from the compromised machines between April 19 and April 27, 2006, so within only nine days. In total, more than 39,000 different IP addresses fell victim to this particular Haxdoor infection. This shows the effectiveness of this kind of attack.

More here.
