Major Web Attack After Financial Data

”This is a complicated, sophisticated attack,” says Ken Dunham, director of malicious code at iDefense, a security intelligence company based in Reston, Va. ”This appears to be designed to ultimately steal credit card and identity theft information, which can then be sold … There could be hundreds of thousands of victims at this point.”

According to security researchers, an organized crime group out of Russia has launched the attack, compromising Microsoft’s IIS Web Servers. When a Web surfer goes to that infected Web site, javascript is appended to the html page that is called up. That script then exploits two vulnerabilities in Internet Explorer to install a backdoor into the user’s computer.

Once this is done, the javascript instructs the user’s browser to download and install an executable from a Russian Web site. Different executables have been noted, but they include keystroke loggers, proxy servers and other backdoors providing full access to the compromised system.

Dunham says the attack was coordinated by the HangUp Team, a hacker group in Russia — the same group supposedly responsible for the Korgo worm family. ”They’re making a lot of money of this,” says Dunham. ”And they have a serious backend market for peddling information.”

See the complete story on eSecurity