Millions at risk from massive organized eCrime attack

Davey Winder
Friday, 03 October 2008 20:31

Your IT - Home IT

With credentials relating to 200,000 servers, and more than 80,000 legitimate sites known to have been compromised, could this Neosploit driven attack be one of the biggest organized eCrime operations ever?

After many experts thought that the Neosploit crimeware toolkit had gone into retirement, it seems that it was actually just flying under the radar. Now it is back, and how.

Ian Amit is Director of Security Research with Israeli-based Aladdin Knowledge Systems, and has uncovered what could well be one the largest organized eCrime operations ever.

Amit stumbled across the incredible discovery while researching the emergence of the newly discovered Neosploit 3.1 hacker toolkit. And what a discovery it is. Just look at the bullet points:

More than 80,000 legitimate sites found to be compromised

Credentials for more than 200,000 servers found on the criminal server

Major overseas weapons manufacturers & USPS.gov among the prominent sites compromised

Fortune 500 companies, universities, government departments have also fallen victim

Authorities in a total of 86 countries have now been informed and are investigating further

Amit is now working with CERT and numerous law enforcement agencies worldwide, having informed the authorities in a total of 86 countries, in order to ensure those major affected organizations which have been compromised can take appropriate action as soon as possible.

The devastating breadth of this breach can only really be appreciated once you get to grips with the fact that the vast majority of targets have been in Europe, indicating the majority of users that had subscriptions to the central criminal server were from European crime gangs.

Read how Amit discovered this criminal operation and what he told iTWire about the lucky escape visitors to the BBC website had on page 2...

CONTINUES