A server discovered in June contained 50GB of stolen user account and financial details, including 9,000 bank and credit-card account credentials and 463,582 user account passwords, according to a report published at the Black Hat conference last week.
The server appeared to have been the central control point for Coreflood, a password-stealing Trojan and botnet that had been quietly infiltrating corporate networks since 2001, according to Joe Stewart, director of malware research for security firm SecureWorks, which co-operated with Spamhaus in shutting down the server.
In a presentation at Black Hat in Las Vegas last week, Stewart said an analysis of scripts left behind on the server indicated that the 50GB of material represented about one-quarter of the details that had been harvested, the rest having been deleted.
Coreflood has been known to security researchers for some time, but the broad scope of its operations has only come to light in recent weeks. In July, SecureWorks found that Coreflood, which began as a simple password-stealing Trojan, had added the ability to infect entire networks via a single administrator user account.
The Trojan poses more of a threat than more aggressive worms such as Storm, in part because its activities are practically invisible, Stewart said in the report. "Coreflood has managed to stay under the radar pretty effectively since 2004, with very few details available online about its activity in that time," he noted.
The botnet is still active, with its operators apparently having moved their base of operations from Wisconsin to Russia, Stewart said.
Of the usernames and passwords found on the server, 8,485 were for banks or credit unions, 3,233 were for credit cards and 151,000 were for email accounts. Other password types included online retailers, share-trading accounts, online payment processors, mortgage lenders and payroll processors.
Among the organisations compromised were a major US university hospital, with nearly 5,000 infected machines, a county school system, with 31,000 infections, a hotel chain, with more than 14,000 bots, and mortgage, pharmaceutical, oil and chemical companies. The Trojan also infected a US state policy agency.
Stewart emphasised the meticulousness with which the attackers compromised networks. The Trojan spreads via drive-by downloads from infected websites, rather than more obvious emails or instant-messaging messages and, once a user with administrative access to a network domain was compromised, the attackers used this access to spread to an entire domain.
The attackers did not rely on zero-day attacks, Stewart said. Instead, they used older exploits and were able to invade systems that had not been kept up to date with patches.
They used the server to verify the validity of bank-account information and, in one subdirectory, SecureWorks found information on 740 stolen accounts from a single financial institution. Those that had been tested for validity held an average of US$4,553.74 in savings and US$2,096.31 in their current account, based on which all 740 accounts could have held a total of more than US$2.5m, Stewart said.














The following are comments, including mine about this company. There are numerous postings on the internet. These are just a few. Can you help us or give us advice?
LocalNet
Posted: 2008-05-13 by Jack
Watch your credit card statements
Complaint Rating: 80 % with 5 votes
Company information:
LocalNet
325 Hampton Hill Drive
Williamsville, Nebraska
United States
www.localnet.com
We moved 9 months ago. Called and cancelled our service with LocalNet (ISP) last June. Asking them specifically if we needed to do anything else. Nope...we were set! (They did NOT request a letter at this time)
Fast forward to yesterday. We get a bill claiming we owed them for January and February of... this year. (6 Months after we had moved to a different address.) Their story was that they had put our account on HOLD for six months...(why would we put it on HOLD when we were moving out of the house) so that was not true. When we told them this then they said..."Oh, then we didn't get a cancellation letter." They did not ask for it when we cancelled and why would they put it on hold if we had not contacted them to cancel in the first place.
Now they send a letter of demand... threatening to take us to court if we do not pay $37. Bully tactics and I'm mad. It's not a lot of money but it is fraudulent business practice and it turns my stomach. They figure the little guy will just pay and be done with it.
Please research LocalNet and watch your credit card statements.
Complaint country: United States. Complaint category: Internet Providers
Comments
95 days ago by Cheryl
I recently called local net to cancel my services, first they said ok and said that it was cancelled. then they took the money out of my checking that next month. we called again and they said that we had to either fax or send a letter so we faxed them the letter on april 22nd we were set they said that it would be cancelled well it wasn't they took more money out of my account on may 16th so we called them again and they said that they didn't receive the letter that we faxed. so now we will email them and if that doesn't work we will call an attorney.
66 days ago by Tencia Brown
I have tried to Cancel the service because it does not work on my comp there's no modem so i called to let them know that i did not use their service and ask not to take any money out of my account but did anyway so i am asking once again not to take any more money if you want your CD back i will send it back Thank You Tencia Brown Please contact at 909 9887983 in the mornings and 9096238543 in the evening with an answer.
63 days ago by Gloria
I think this company is a big fraud and profiting off of customers who may not know about all the computer parts.
Localnet is the worst internet service i have ever encountered. In May i called local net because i thought the price was good. I told the customer service person i was still with at&t dsl. I asked if i could switch over to dial up and then cancel at&t. I was assured this was possible. I was switched over to tech support and they could not get me connected. Tech support told me to cancel at&t first then call back. This little switch was a big hassle so I called them back right away to cancel and was told i would have to send email or fax to billing. I emailed billing to cancel the service on May 14th and 20th. They took my 24.95 out of my account on May 15. I told them that i never received the service or used the service and wanted my money refunded they basically said that the problem was not theirs and that my computer was at fault. I told them that they were getting free money for services that could not be used by customers. I'm going to see who i can contact to get my money back. I am also going to contact an attorney general for guidance on this