2/22/2007
05:55 PM

Pharming Attack Slams 65 Financial Targets

The attack, which lasted two and a half days before it was shut down, was described as a sophisticated, multi-pronged operation.

An Internet-based attack aimed at about 65 financial targets in the United States, Europe and Australia was shut down after a two-and-a-half-day run.

Hackers launched the "pharming" attack on Monday, Feb. 19, and authorities shut it down on Wednesday, according to Dan Hubbard, vice president of security research at Websense, which was tracking the attack. He described it as a sophisticated and multi-pronged attack that involved multiple IP addresses, server sites in four different countries and a deluge of fraudulent spam.

The term pharming is used to describe a hacker redirecting users from a legitimate site to a fraudulent and malicious site where their machines are infected with malware.

Hubbard says he's not sure how many computers were infected during the two-and-a-half-day attack, but he says more than 1,000 machines were compromised in just one day.

"It was a professional team. It was very well planned," says Hubbard. "It was quite successful and very resilient. It wasn't just one IP address hosted in one country where you could shut it down and take care of it. This one has multiple IP addresses in multiple countries. It makes it more difficult to stop what is happening."

On Monday, the first e-mail lure was spammed out. It contained the bogus news that Australian Prime Minister John Howard was struggling for his life after suffering a heart attack. The e-mails were set up to appear to link to a news story from The Australian, a daily newspaper. The second e-mail lure offered up news of a cricket match in Australia. Hubbard notes he was surprised how many Americans were conned into clicking on a link for more information about Australian cricket.

The e-mail lures directed users to connect to a Web site for more information. When they clicked on the link, they were redirected to one of five different malicious Web sites, where their machines were infected with malware.

When anyone with a corrupted machine connected to a Web site for one of 65 banks or financial institutions, any information they entered there would be sent both to the real destination and back to the hackers. The stolen information, along with more malicious code, was stored on a master server.

The fraudulent and malicious Web sites that users were directed to were hosted on servers based in the U.K., Germany, Estonia and the U.S., according to Hubbard.

He adds that the master server has been shut down and the exploit servers were either shut down or have been moved.

The pharming attack targeted companies such as Barclays Bank, the Bank of Scotland, PayPal, eBay, Discover Card and American Express.

Hubbard notes that most of the victims were Australians and Americans. According to Websense stats, 35% of the infections occurred in Australia, 32% happened in the U.S., 11.5% took place in the U.K. and 0.2% transpired in Russia.
