05:55 PM
Connect Directly
Repost This

Pharming Attack Slams 65 Financial Targets

The attack, which lasted two and a half days before it was shut down, was described as a sophisticated, multi-pronged operation.

An Internet-based attack aimed at about 65 financial targets in the United States, Europe and Australia was shut down after a two-and-a-half day run.

Hackers launched the "pharming" attack on Monday, Feb. 19 and authorities shut it down on Wednesday, according to Dan Hubbard, vice president of security research at Websense, which was tracking the attack. He described it as a sophisticated and multi-pronged attack that involved multiple IP addresses, server sites in four different countries and a deluge of fraudulent spam.

The term pharming is used to describe a hacker redirecting a user from a legitimate site to a fraudulent and malicious site where their machines are infected with malware.

Hubbard says he's not sure how many computers were infected during the two-and-a-half-day attack, but he says more than 1,000 machines were compromised in just one day.

"It was a professional team. It was very well planned," says Hubbard. "It was quite successful and very resilient. It wasn't just one IP address hosted in one country where you could shut it down and take care of it. This one has multiple IP addresses in multiple countries. It makes it more difficult to stop what is happening."

On Monday, the first e-mail lure was spammed out. It contained the bogus news that Australian Prime Minister John Howard was struggling for his life after suffering a heart attack. The e-mails are set up to appear to be a link to a news story from The Australian, a daily newspaper. The second e-mail lure offered up news of a cricket match in Australia. Hubbard notes he was surprised how many Americans were conned into clicking on a link for more information about Australian cricket.

The e-mail lures directed users to connect to a Web site for more information. When they clicked on the link, they were redirected to one of five different malicious Web sites, where their machines were infected with malware.

When anyone with a corrupted machine connected to a Web site for one of 65 banks or financial institutions, any information they entered there would be sent to both the real destination, as well as back to the hackers. The stolen information, along with more malicious code, was stored on a master server.

The fraudulent and malicious Web sites that users were directed to were hosted on servers based in the U.K., Germany, Estonia and the U.S., according to Hubbard.

He adds that the master server has been shut down and the exploit servers were either shut down or have been moved.

The pharming attack targeted companies such as Barclays Bank, the Bank of Scotland, PayPal, eBay, Discover Card and American Express.

Hubbard notes that most of the victims were Australians and Americans. According to Websense stats, 35% of the infections occurred in Australia; 32% happened in the U.S.; 11.5% took place in the U.K. and .2% transpired in Russia.

Comment  | 
Print  | 
More Insights
The Agile Archive
The Agile Archive
When it comes to managing data, donít look at backup and archiving systems as burdens and cost centers. A well-designed archive can enhance data protection and restores, ease search and e-discovery efforts, and save money by intelligently moving data from expensive primary storage systems.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Elite 100 - 2014
Our InformationWeek Elite 100 issue -- our 26th ranking of technology innovators -- shines a spotlight on businesses that are succeeding because of their digital strategies. We take a close at look at the top five companies in this year's ranking and the eight winners of our Business Innovation awards, and offer 20 great ideas that you can use in your company. We also provide a ranked list of our Elite 100 innovators.
Twitter Feed
Audio Interviews
Archived Audio Interviews
GE is a leader in combining connected devices and advanced analytics in pursuit of practical goals like less downtime, lower operating costs, and higher throughput. At GIO Power & Water, CIO Jim Fowler is part of the team exploring how to apply these techniques to some of the world's essential infrastructure, from power plants to water treatment systems. Join us, and bring your questions, as we talk about what's ahead.