Proofpoint Discovers Russian Cyber-Crime Gang, Attacker of Over 500K PCs

Security firm Proofpoint has said that its researchers recently uncovered a Russia-based cyber-crime gang that infected over 500,000 computers while seeking to steal online banking credentials for prominent banks worldwide.

The firm has named the gang 'Northern Gold' because the term kept emerging during the investigation. The firm believes the gang's operation started in 2008.

Wayne Huang, Vice-President of Engineering at Proofpoint, states that Northern Gold appears to be financially motivated, theregister.co.uk reported on October 7, 2014.

Furthermore, the gang used a malware called Qbot (also known as Qakbot) to carry out the infections, which reached almost 2 million distinct IP addresses. In the process, the malware intercepted conversations and stole account details for approximately 800,000 Internet banking transactions, the researchers state.

Nearly 60% of the intercepted banking sessions related to accounts at five very large banks in the USA, and 75% of all infected PCs had IP addresses in the USA. Certain banks operating from Australia were also attacked.

Proofpoint's investigation is still ongoing, so Huang declined to disclose the affected banks' names, scmagazine.com reported on October 7, 2014.

According to the security company, the attackers launched their assault from a number of hijacked WordPress websites using drive-by-download tactics. The gang expanded its botnet with infected machines of which 52% ran Windows XP and 39% ran Windows 7. Moreover, computers running Internet Explorer were estimated to account for 82% of successful Qbot infections.

Proofpoint notes that the gang built its botnet quite methodically over a long period, keeping the campaign at a low enough level that security companies' attention would barely be drawn.

When the attackers began sniffing individual end-users' sessions, exploit kits such as Blackhole, Phoenix and Sweet Orange were employed. They also exploited various vulnerabilities in Java, PDF plug-ins, IE and Flash. The exploit kits were bought as soon as they became available and were likewise abandoned once security patches appeared.

Proofpoint indicates that Russian hackers are making the news because of more severe intrusions, such as the recent one targeting the American bank JPMorgan Chase.

» SPAMfighter News - 10/14/2014
