Researchers Used Honeynets to Know About Hackers’ Techniques

According to news published by darkREADING on December 18, 2008, German security researchers at a laboratory of the University of Mannheim discovered over 300 crime servers filled with stolen credentials belonging to over 170,000 people.

The study reports that the researchers established "honeynets" (networks of distributed dummy computers) that were set up to be systematically hacked. The idea behind setting up honeynets was to gather intelligence about the hackers' attack methods. The researchers also deliberately infected the systems with trojans designed to steal data. These trojans belonged to two separate groups of keylogger programs called "Nethell" (or "Limbo") and Zeus (or "Zbot").

The reports also reveal that both malware families are built with so-called "exploit toolkits" sold in underground markets for hundreds to thousands of dollars apiece. Security experts said that the kits consist of soup-to-nuts scripts that aid in creating malware-laden websites, which are used to pass password-stealing programs on to visitors, and programs that enable the purchaser to establish back-end systems to receive hacked data, variously known as "drop sites", "blind drops", "drop zones" and "dead drops".

Sharing the study's details, researcher Thorsten Holz, who founded the German Honeypot Project along with other researchers, said that they failed to access 230 of the total drop sites they found. This implies that the actual number of stolen credentials was probably much higher than what they managed to see, as reported by the Washington Post on December 19, 2008.

Moreover, according to reports, the researchers tracked the activity of individual keyloggers as well as banking trojans from April to October 2008. According to the researchers, 33% of the systems infected with this data-capturing malware are located in the US or Russia.

Holz further said that his team of researchers has been reporting the hacked data to security specialists at AusCERT (Australian Computer Emergency Response Team), which is equipped with "Lumberjack", an automated system that helps inform financial institutions about compromised accounts.

Furthermore, the team discovered a total of 10,775 bank account details from victims' online transactions, over 5,600 credit card account numbers and many thousands of website passwords.


» SPAMfighter News - 31-12-2008
