Crime Server Controlled to Store Stolen Data
Online security firm Finjan has discovered a Malaysian server that, while serving as the command-and-control point for malware attacks, amassed a 1.4 Gigabyte repository of pilfered data from Europe, North America and India. In addition, the server acted as a drop site for data gathered from compromised PCs, according to Finjan's recent edition of the "Malicious Page of the Month", released on May 6, 2008.
According to officials at Finjan, cyber thieves are employing sophisticated programs to install malware onto legitimate websites, gain control over visiting computers, and then steal data from them. In the recent case, the stolen data included 5,388 distinct log files accumulated in just three weeks, starting from the second-to-last week of April 2008.
These files included business and personal e-mails, medical reports, and financial log-in details, along with transaction information covering not just account and credit card numbers but also security codes and passwords. Although it is already known that Web exploits are commonly used to pilfer and trade personal data, the finding of the repository raised fresh alarm.
The log files were found to be associated with 5,878 unique IP addresses. Although it hasn't been determined how many PCs were compromised to lift the data, the number could be pretty high, possibly twice the number of IP addresses. The cache on the crime server included 86 log files from Canada, 571 from the US, 232 from the UK, 150 from Spain, 46 from Holland, 322 from France, 621 from Germany, 58 from Italy, 308 from India and 1037 from Turkey.
Further, since the April discovery, Finjan's Malicious Code Research Center has found two other servers holding similar data elsewhere. It seems that these servers had been operating for comparatively shorter periods. The crime server was discovered after outbound traffic was tracked from the customer network of Finjan.
The stolen data was mostly in a crude form, although some of it had been processed on the server. The server, which held several Trojans, was registered in Moscow and hosted in Singapore.
» SPAMfighter News - 12-05-2008