Ukraine-based Server Found Loaded with Personal Data
Prevx, the UK-based security company, has located a botnet in Ukraine that holds personal data from about 160,000 people and/or computers.
While the command-and-control server has been disabled, the cache of data on the server is a perfect example of how data stolen from various sources ends up in one place, merged together aimlessly, the security investigators at Prevx stated.
The security investigators further discovered that the stolen data might or might not have been captured from Zeus-infected computers. Meanwhile, Prevx describes this (Zeus) malware as brand new, saying the company detected it while the worm was spreading its infection across numerous locations globally.
Additionally, Prevx found that the server was active for a month prior to its shutdown. While online, it was pulling and storing data from as many as 5,000 freshly infected PCs daily.
The security officials state that the discovery provides an interesting case study of the sheer amount of data cyber miscreants are stealing daily. The data ranged from the relatively less significant to more critical, sensitive data. Different kinds of stolen data are hidden all over the Internet, mostly stored securely within password-protected websites or within heavily guarded servers. However, Prevx researchers managed to get into these sites as they were poorly encrypted.
Furthermore, Prevx found that the victims are mainly people who regularly share their passwords on banking sites and Facebook, along with e-mails and love notes. But there are riskier private details as well, such as social security numbers or financial account numbers.
Meanwhile, the company's findings indicate that organizations are less than candid in notifying their clients about such concerns, Prevx security researchers said. Furthermore, organizations that haven't faced these issues before also shy away from taking the initiative to inform their customers.
Overall, Prevx asserts that people must find out whether their PC has been connected to a botnet in order to minimize data loss. One way to tell that a computer is linked to a botnet: if the Internet connection appears to be slow indefinitely, it could mean that a network of bots is using the connection to transmit data.
» SPAMfighter News - 27-03-2009