Millions at risk from massive organized eCrime attack

Amit had already uncovered the return of the Neosploit crimeware toolkit and showed a link between a rise in PDF exploits and its reappearance. He then turned his attention to the eCrime operations behind one specific Neosploit installation he had identified.

The resulting investigation is now being led jointly by Amit and CERT, and is global in nature. In fact it spans more than 86 countries worldwide.

Amit was able to uncover that more than 200,000 credentials attached to specific servers had been made available on a central, criminally operated server. These were just part of a highly organized process to modify legitimate Web sites to serve malicious content.

Of those 200,000, nearly 107,000 had been validated by that criminal server, and 82,000 had been used to modify Web-related content, ready to attack unsuspecting users of sites associated with that content.

The remaining 20,000 validated credentials were set aside to be used later as trading collateral with other eCrime organizations. Given the nature of the servers concerned, that trade would most likely be in the fields of business intelligence and corporate espionage.

We spoke to Amit about the investigation and he told iTWire that "After closer investigation of the data gathered during the research, it came to our attention that not only the criminals were able to get their hands on government site credentials in the US and across Europe, but also for the FTP server of the BBC."

Amit says it was just "sheer luck that the credentials were not associated with any online material, this incident could have ended up infecting the BBC's website visitors."