Black Hat: 500G of Personal Data Captured by CoreFlood Botnet
William Jackson writes on GCN.com:
A cache of stolen data gathered from a botnet that has been quietly sweeping up information for years contained the user names and passwords for:
- 8,485 bank accounts
- 3,233 credit card accounts
- 151,000 e-mail accounts
- 58,391 social networking site accounts
- 4,237 online retailer accounts
- 416 stock trading accounts
- 869 payment processor accounts
- 413 mortgage accounts
- 422 finance company accounts
The Coreflood Trojan responsible for the infections has been around in one form or another since 2002, said Joe Stewart, director of malware research for SecureWorks Inc. The botnet is being used by a Russian crime group on whose command and control server Stewart found the stolen information. The data, which amounts to nearly 500 gigabytes, represents only six months of operations.
“They had erased the previous directories, probably because they didn’t have room to keep it,” Stewart said.
He estimated the group has stolen four times that amount of data, giving them access to accounts worth millions.
Stewart shared some of his research on Coreflood Wednesday at the Black Hat Briefings security conference. Because the Trojan has been circulating largely under the radar and spreads throughout an organization using a network administrator’s privileges, it can be particularly insidious, he said.