Wednesday, August 06, 2008

Black Hat: 500G of Personal Data Captured by CoreFlood Botnet

William Jackson writes on

A cache of stolen data gathered from a botnet that has been quietly sweeping up information for years contained the user names and passwords for:

  • 8,485 bank accounts
  • 3,233 credit card accounts
  • 151,000 e-mail accounts
  • 58,391 social networking site accounts
  • 4,237 online retailer accounts
  • 416 stock trading accounts
  • 869 payment processor accounts
  • 413 mortgage accounts
  • 422 finance company accounts

The Coreflood Trojan responsible for the infections has been around in one form or another since 2002, said Joe Stewart, director of malware research for SecureWorks Inc. The botnet is being used by a Russian crime group on whose command and control server Stewart found the stolen information. The data, which amounts to nearly 500 gigabytes, represents only six months of operations.

“They had erased the previous directories, probably because they didn’t have room to keep it,” Stewart said.

He estimated the group has stolen four times that amount of data, giving them access to accounts worth millions.

Stewart shared some of his research on Coreflood Wednesday at the Black Hat Briefings security conference. Because the Trojan has been circulating largely under the radar and spreads throughout an organization using a network administrator’s privileges, it can be particularly insidious, he said.

More here.
