
Major Web Attack May Steal Financial Data

June 25, 2004

IT administrators are being warned to double-check their servers, and Web surfers are being cautioned, after a widespread hacker attack compromised major corporate Web sites and infected thousands of users’ computers.

“This is a complicated, sophisticated attack,” says Ken Dunham, director of malicious code at iDefense, Inc., a security intelligence company based in Reston, Va. “This appears to be designed to ultimately steal credit card and identity theft information, which can then be sold… There could be hundreds of thousands of victims at this point.”

According to security researchers, an organized crime group out of Russia launched the attack by compromising Web servers running Microsoft’s IIS. When a visitor requests a page from a compromised site, JavaScript is appended to the HTML the server sends back. That script then exploits two vulnerabilities in Internet Explorer to install a backdoor on the user’s computer.

Once that is done, the JavaScript instructs the user’s browser to download and install an executable from a Russian Web site. Different executables have been observed, including keystroke loggers, proxy servers and other backdoors that give the attackers full access to the compromised system.
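One way an administrator can check whether the pages a server hands out carry appended script, written as an added example for this article and not code from any of the researchers or companies quoted in it. It assumes an allow-list of hosts the site legitimately loads scripts from (ALLOWED_HOSTS and cdn.example.net are assumptions) and flags two symptoms of the injection described above: a script element that appears after the closing html tag, which a legitimately authored page never has, and an external script whose host is not on the allow-list. The two sample pages and the 198.51.100.7 address are constructed for the example.

```python
"""Flag JavaScript appended to pages served by a compromised Web server.

Added example for this article, not code from the researchers quoted in it.
The two checks are assumptions about what an injection looks like, not
signatures of the 2004 attack:
  1. a <script> element that appears after the closing </html> tag, which a
     legitimately authored page never has, and
  2. an external script whose host is not on the site's own allow-list.
The sample pages and the 198.51.100.7 address are constructed for the example.
"""
import re
from urllib.parse import urlparse

SCRIPT_RE = re.compile(r"<script\b([^>]*)>(.*?)</script\s*>", re.IGNORECASE | re.DOTALL)
SRC_RE = re.compile(r"""\bsrc\s*=\s*["']?([^"'\s>]+)""", re.IGNORECASE)
HTML_CLOSE_RE = re.compile(r"</html\s*>", re.IGNORECASE)

# Hosts this site legitimately loads scripts from (assumed for the example).
ALLOWED_HOSTS = {"cdn.example.net"}


def find_injected_scripts(html: str, allowed_hosts=ALLOWED_HOSTS):
    """Return one finding per suspicious <script> element in html.

    Relative src values are same-origin and are not flagged on their own.
    """
    close = HTML_CLOSE_RE.search(html)
    end_of_doc = close.end() if close else len(html)
    findings = []
    for m in SCRIPT_RE.finditer(html):
        attrs, body = m.group(1), m.group(2)
        src_match = SRC_RE.search(attrs)
        src = src_match.group(1) if src_match else None
        reasons = []
        if m.start() >= end_of_doc:
            reasons.append("script after </html>")
        if src:
            host = urlparse(src).hostname  # None for relative (same-origin) paths
            if host and host.lower() not in allowed_hosts:
                reasons.append(f"external script host {host}")
        if reasons:
            findings.append({
                "offset": m.start(),
                "src": src,
                "snippet": body.strip()[:60],
                "reasons": reasons,
            })
    return findings


# Constructed sample pages: the first is how the site authored the page, the
# second is the same page with two script elements appended after </html>.
CLEAN_PAGE = (
    "<html><head><title>Account login</title>\n"
    '<script src="/js/app.js"></script>\n'
    '<script src="https://cdn.example.net/lib.js"></script>\n'
    "</head><body><form>...</form></body></html>\n"
)
INJECTED_PAGE = CLEAN_PAGE + (
    '<script src="http://198.51.100.7/x.js"></script>\n'
    "<script>/* inline loader would go here */</script>\n"
)

if __name__ == "__main__":
    for label, page in (("clean", CLEAN_PAGE), ("injected", INJECTED_PAGE)):
        for f in find_injected_scripts(page):
            print(label, f["offset"], f["src"], "; ".join(f["reasons"]))
```

Run it against pages fetched from the server rather than files on disk: the point of the check is what the server actually sends, and an injection that is appended at serve time leaves the authored files untouched. An injection placed before the closing tag is caught only by the host check, so keep the allow-list tight.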

Dunham says the attack was coordinated by the HangUp Team, a hacker group in Russia that is also suspected of being behind the Korgo worm family. “They’re making a lot of money off this,” says Dunham. “And they have a serious backend market for peddling information.”

Johannes Ullrich of the Internet Storm Center, which monitors Internet threats, reports that about 20 companies have contacted his organization directly, from which he estimates that 100 or more Web sites have been serving the hostile script. His estimate of the number of infected user machines is lower than Dunham’s: thousands, possibly 10,000.

Ullrich says the threat is waning, as most of the infected Web sites have already been cleaned up. Even so, the attack kept security researchers and some IT administrators up all night containing it and trying to work out exactly how it worked.

“This was very dangerous,” says Steve Sundermeier, a vice president at Medina, Ohio-based Central Command, Inc. “It’s alarming in that you have large, legitimate corporations being used as a tool. As a user, especially if you’re entering credit card information, you expect secure Web sites. Their financial security could be breached. And for the credibility of the corporation, this is a huge problem.”

Researchers would not release the names of the companies and Web sites that were compromised, for fear of compounding their problems. Ullrich, however, says the compromised sites included industry associations, banks, brokerages and travel-related sites.

The open question is how the corporate servers were compromised. Researchers are still investigating and have been somewhat thrown by reports from corporate administrators that their machines had been fully patched.

Dunham reports that there is some speculation, including from the Microsoft camp, that the break-ins and server infections are related to the vulnerabilities covered by the MS04-011 security bulletin.

“With fully patched boxes being infected, it appears there may be another component of the MS04-011 vulnerability,” says Dunham. “There’s a whole bunch of stuff in there and some of it is related to the IIS servers… We don’t know how they are getting exploited. We’re talking about highly secure environments.”

Ullrich, however, says it is possible that the sites were compromised some time ago, before the servers were patched. A server that is fully patched today can still be carrying a compromise that predates the patch, so patch status alone does not clear it; what the server is serving has to be checked as well.

Microsoft recommends that users search their computers for the files kk32.dll and surf.dat. If either file is present, the computer may be infected. Infected computers can be cleaned with up-to-date anti-virus software.
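The search Microsoft recommends, as an added example written for this article rather than Microsoft’s own guidance or any tool mentioned in it. It walks every root it is given, matches the two file names case-insensitively (Windows file systems do not distinguish case, so a sweep that looks only for lowercase names would miss KK32.DLL), keeps going past directories it cannot read, and records a SHA-256 for each hit so a sample can be submitted to an anti-virus vendor or compared across machines. The demo() function and the temporary directory tree it builds are constructed so the example runs anywhere; on a Windows machine you would pass the drive roots instead.

```python
"""Sweep file systems for the indicator files named in Microsoft's guidance:
kk32.dll and surf.dat.

Added example for this article, not Microsoft's tool. The indicator names
come from the article; the roots and the temporary tree built by demo() are
constructed for the example.
"""
import hashlib
import os
import tempfile

INDICATOR_FILES = {"kk32.dll", "surf.dat"}  # file names from Microsoft's guidance


def sha256_of(path: str) -> str:
    """Hash a file in chunks so large files do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def sweep(roots, indicators=INDICATOR_FILES):
    """Return [(path, sha256_or_None)] for every file whose name matches an indicator.

    Names are compared case-insensitively because Windows file systems are.
    os.walk skips directories it cannot read by default, so one unreadable
    folder does not abort the sweep. A matching file that cannot be opened is
    still reported, with None in place of the hash.
    """
    wanted = {name.lower() for name in indicators}
    hits = []
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):
            for name in files:
                if name.lower() in wanted:
                    path = os.path.join(dirpath, name)
                    try:
                        hits.append((path, sha256_of(path)))
                    except OSError:
                        hits.append((path, None))
    return hits


def demo():
    """Build a constructed directory tree, sweep it, and return (basename, hash) hits."""
    with tempfile.TemporaryDirectory() as tmp:
        sysdir = os.path.join(tmp, "system32")
        os.makedirs(sysdir)
        # Constructed placeholder content, not a real sample; note the uppercase name.
        with open(os.path.join(sysdir, "KK32.DLL"), "wb") as fh:
            fh.write(b"not a real sample")
        with open(os.path.join(tmp, "notes.txt"), "w") as fh:
            fh.write("benign")
        return [(os.path.basename(p), digest) for p, digest in sweep([tmp])]


if __name__ == "__main__":
    for name, digest in demo():
        print(name, digest)
```

Absence of these two file names does not prove a machine is clean, since the article notes that several different executables were dropped; treat the sweep as a quick triage step and follow it with a full anti-virus scan.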
