China UnionPay Website Becomes Victim of Hack

A hacking attack dropped a backdoor Trojan on the China UnionPay website, reports news sources in China. The site runs a 'cross-bank credit card service' for over 170 million people across the country. The website www.chinaunionpay.com is the nation's sole national 'electronic payment network operator'. The planting of a backdoor virus program on this website by anonymous hackers could result in the leakage of customer information.

Engineers at 'Rising Corporation', a leading 'computer security' company in China detected and identified the backdoor program as "Backdoor.BlackHole.2005.a", which they said was capable of hacking customers' PCs when the latter went to the website.

The engineers said that computers with video cameras could fall prey to attack by the backdoor Trojan through which attackers could easily gain access to the users' private information. However, they said that since the program has become quite old by now, the anti-virus software could easily defeat it provided users upgrade the software into their systems.

According to a security advisory by security firm 'Sunbelt', a 'Backdoor' is software that enables an attacker to make unauthorized access to a computer by remotely controlling the machine while the user is unaware of it. A 'Backdoor' modifies the system thus compromising its integrity. This allows the attacker to use it for malicious purposes not known to the user.
The 'Backdoor' attack was targeted only on the official website of China UnionPay, said a representative from China UnionPay. Therefore, the company's 'transaction network' was free from the attack. The representative further said that some anti-virus companies were making false announcements of the attack to promote their products. According to the representative, despite a hacking attack the 'credit card transaction network' of China UnionPay continued with normal operation. The representative keeping himself anonymous assured customers that the attack only affected the official website and therefore, confidential customer information had not been compromised. It appears that the Trojan was discovered and removed within a day of its plantation. However, the hacking culprits are still to be identified.

The representative said that certain anti-virus companies took advantage of the situation by intentionally announcing the attack to promote themselves.

Related article: China’s Best Initiatives To Deal With Spam

» SPAMfighter News - 11/24/2006