Explore the latest news and trends  

Sign up for our weekly security newsletter

Be the first to receive important updates on security


Hackers Launched ‘Pharming’ Attack on Financial Institutions

On Monday, February 19 2007, hackers launched the 'pharming' attack, which authorities foiled on February 21, 2007, said Dan Hubbard, Vice President, Security Research, Websense. Websense was determining the source of the attack, reports InformationWeek. Hubbard described the attack as sophisticated and multi-pronged that handled a number of IP addresses, servers hosting sites in four countries and a bulk of spam.

According to researchers at Websense, the attackers enticed victims to visit a website that hosted malware. The malicious code exploited a Microsoft vulnerability for which the company issued a patch last May. The flaw requires a user to just open the website to infect his or her PC.

By just visiting the website, an unpatched PC downloaded a Trojan program via a file called iexplorer.exe. This file, in turn, downloaded five more files from a Russia-based server. The malicious site showed up only an error message suggesting the victims to disable the firewall and anti-virus software on their PCs.

The attackers were highly professional and very organized, said Hubbard. The hackers were pretty successful and quite resilient to thwarting attempts. The hacking involved not just one IP address in a single country that could be shutdown to stop further continuation, rather it related to multiple IP addresses in various countries. That made it more difficult to stop totally.

The use of malicious code is expanding very rapidly, stated Hubbard. Fraudsters are increasingly using it and Websense team believes it will grow both in frequency and sophistication. The success of the attacks will also rise in future.

Websense was unable to determine the number of people victimized by the attack. There were no reports of money theft, but normally people don't declare such things if it happens ever. The cyber attack also installed on the PC of users for the criminals to gain remote control of the hijacked PCs.

ISPs in the United Kingdom, Germany and Estonia have pulled down the websites hosting the malevolent code.

Related article: Hackers Redirect Windows Live Search to Malicious Sites

» SPAMfighter News - 3/7/2007

3 simple steps to update drivers on your Windows PCSlow PC? Optimize your Slow PC with SLOW-PCfighter!Email Cluttered with Spam? Free Spam Filter!

Dear Reader

We are happy to see you are reading our IT Security News.

We do believe, that the foundation for a good work environment starts with fast, secure and high performing computers. If you agree, then you should take a look at our Business Solutions to Spam Filter & Antivirus for even the latest version of Exchange Servers - your colleagues will appreciate it!

Go back to previous page