Saturday, June 26, 2004

SEC: Hacker attack uses popular sites to get passwords, credit card data

MercuryNews.com | 06/26/2004 | Hacker attack uses popular sites to get passwords, credit card data

By Kristi Heim

Mercury News

In a new cyberattack that spread across the Internet on Friday, computer hackers used popular Web sites such as eBay, Earthlink and Yahoo to secretly transmit a program onto PCs that records personal data like passwords and credit card numbers.

Security experts linked the outbreak to a computer in Russia, which was disabled Friday afternoon. It's unknown how many computer users may have been affected, or exactly how many Web sites were used in this attack. Unlike recent infections like "Sasser" or "Blaster," this attack, known as "Scob," hasn't slowed Internet traffic.

But experts warned that Scob is particularly worrisome because of its unusual technique: one of the software flaws it exploits has no known fix, it targets financial data, and it masks itself so that Internet users might not know their machines are infected.

"It's trying to actually get your account information," said Oliver Friedrichs, senior manager at Symantec Security Response in Redwood City. "It's constantly watching your browser as you connect to different Web sites. It sends that information to a long list of Web sites that hackers are controlling."


The hackers appear to be employing a technique known as "phishing" to gain financial data and address lists for unsolicited commercial e-mails, or spam.

"This is a pattern similar to other organized crime activities we've observed in the past," said Lawrence Hale, deputy director of the U.S. Computer Emergency Readiness Team at the Department of Homeland Security. "The risk and seriousness is that people can lose personal and financial information."

Hale advised Internet users to guard their passwords and sensitive information like credit card numbers carefully until they can verify Web sites they're using haven't been compromised, and that their own machines are free of malicious code. Anti-virus software makers now have programs to detect and erase the Scob infection.

The threat was detected Thursday. Hackers exploited flaws in Microsoft's Internet Explorer Web browser and Internet Information Services (IIS) Web server software.

Patch available

Security experts are still analyzing exactly how hackers staged the attack. Microsoft made a patch available for the IIS flaw in April. But the flaw in Internet Explorer, disclosed June 6, has no known fix. Since then, hackers have been taking advantage of it to try to install unwanted ads on PCs, said Friedrichs.

On Thursday, they delivered a Trojan program -- one that appears safe but actually masks a worm or virus -- to popular Web sites whose servers were not updated with the latest security patches. Visitors to those Web sites using the Internet Explorer browser were then redirected -- unbeknown to them -- to a site that secretly installs code on a user's machine. That code then records keystroke information as users are typing.

"The end result means a user's machine ends up with a piece of code that allows the hacker to harvest data from that machine," said Vincent Gullotto, who heads Network Associates' McAfee Anti-Virus Emergency Response Team.

The information harvested was then sent to a number of different Web sites in Russia.

Of Symantec's 120 million customers, only about 20 were affected, most of them corporate customers, said Friedrichs.

Microsoft is rushing to create a fix for the problem, said Stephen Toulouse, security program manager at Microsoft's Security Response Center.

"We want to make sure the fix is comprehensive and that we don't introduce a new problem," he said. "We're actively investigating the best solution and how to get that out to customers."


In the meantime, computer users can take steps to protect themselves, such as changing Internet Explorer settings to the highest security, installing a personal firewall and making sure their anti-virus software is up to date.

"The attack is not epidemic, but it is likely to grow more pervasive over time," said Alfred Huger, senior director of Symantec Security Response. "Users need to be aware of the threats as they use the Internet and be vigilant about the type of information they disclose to Web sites."

