SecureWorks Identifies Bank and Information Stealing Trojan Coreflood

A hacking scam using Coreflood, an information- and bank-detail-stealing Trojan also called AFcore, has been infecting several hundred organizations and thousands of employees. The group responsible for the scam, which has managed to escape detection for many years, infects organizations and their employees by gaining administrator privileges on the network involved.

In the scam, hackers infect an employee's computer system and then wait for the organization's network administrator to log on to that system. Once the administrator logs on, the Trojan is executed using the administrator's user ID and password and subsequently spreads the infection to all other computers within the network.

According to Joe Stewart, Director of Malware Research for SecureWorks, Coreflood creeps into a network through a drive-by exploit in the user's browser. After entering the network, it downloads the installer and then executes PsExec, an authentic Windows administration program obtained from Microsoft. If administrator rights are present on the infected system, the corrupt file, i.e. 1823en.exr, is run on every PC in that domain.

Moreover, the Trojan not only steals usernames and passwords but also captures text content from the website. This could let the miscreant find user credentials whose value the attacker might not realize up front. The captured text gives a method for determining that value, for instance by showing the infected consumer's bank balance. Because the criminal does not have to log in to every account to determine the bank balance, this saves a considerable amount of time. In this way, the Coreflood group managed to access databases and conveniently net several million dollars.

Further, according to Stewart, reducing the impact of malware that uses the credentials of domain administrators is hard. Stewart suggested that it is not really possible to disable the feature without preventing the authorized user from administering his computer system entirely.

Finally, Stewart concluded that the responsibility for keeping network systems secure rests wholly on the principal administrator, who needs not only to recognize the hackers' tactic but also to safeguard not just his own system but every other system he has access to within the network.

Related article: SecureWorks Released List of New Botnets for 2009

» SPAMfighter News - 21-07-2008
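A defender-side illustration of the spreading step described above, added here and not taken from SecureWorks or from this article: it scans a constructed export of Windows service-installation events (System log Event ID 7045) for one account installing the PsExec service (PSEXESVC) on several hosts within a short window. The CSV column layout, host names and account names are assumptions made for the example.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample data: a simplified CSV export of "service installed"
# events (Event ID 7045). The column layout is an assumption for this example.
SAMPLE = r"""time,host,event_id,service,image_path,installed_by
2008-07-01T09:00:05,PC-101,7045,PSEXESVC,%SystemRoot%\PSEXESVC.exe,CORP\dadmin
2008-07-01T09:00:41,PC-102,7045,PSEXESVC,%SystemRoot%\PSEXESVC.exe,corp\dadmin
2008-07-01T09:01:17,PC-103,7045,PSEXESVC,%SystemRoot%\PSEXESVC.exe,CORP\dadmin
2008-07-01T09:02:02,PC-104,7045,PSEXESVC,%SystemRoot%\PSEXESVC.exe,CORP\dadmin
2008-07-01T09:03:00,PC-101,7045,PrintHelper,C:\Tools\printhelper.exe,CORP\dadmin
2008-07-01T09:03:30,PC-102,7036,PSEXESVC,,
2008-07-01T14:30:00,SRV-01,7045,PSEXESVC,%SystemRoot%\PSEXESVC.exe,CORP\helpdesk
2008-07-02T10:00:00,SRV-02,7045,PSEXESVC,%SystemRoot%\PSEXESVC.exe,CORP\helpdesk
"""

def psexec_fanout(text, window=timedelta(minutes=10), min_hosts=3):
    """Return {account: sorted hosts} for accounts that installed the PsExec
    service on at least min_hosts distinct hosts within the time window."""
    installs = defaultdict(list)
    for row in csv.DictReader(io.StringIO(text)):
        if row["event_id"] != "7045":
            continue  # only service-installation events are of interest
        is_psexec = (row["service"].upper() == "PSEXESVC"
                     or row["image_path"].upper().endswith("PSEXESVC.EXE"))
        if not is_psexec:
            continue
        # Account names are case-insensitive on Windows, so normalise them.
        installs[row["installed_by"].lower()].append(
            (datetime.fromisoformat(row["time"]), row["host"]))

    flagged = defaultdict(set)
    for account, events in installs.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the window so it never spans more than `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            hosts = {host for _, host in events[start:end + 1]}
            if len(hosts) >= min_hosts:
                flagged[account].update(hosts)
    return {account: sorted(hosts) for account, hosts in flagged.items()}

if __name__ == "__main__":
    for account, hosts in psexec_fanout(SAMPLE).items():
        print(f"{account}: PsExec service installed on {len(hosts)} hosts {hosts}")
```

Occasional single-host PsExec use by an administrator is not flagged; the window and host threshold need tuning to how the tool is legitimately used in a given domain.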














