ATLANTA -- SecureWorks researcher Don Jackson, who originally discovered the Prg Trojan with fellow researcher Joe Stewart (see http://www.secureworks.com/research/threats/prgtrojan/), has uncovered the largest single cache of stolen data from the Prg Trojan. The data, which includes bank and credit card account information, SSNs, online payment account usernames and passwords, etc., is from 46,000 victims who were all individually infected beginning in early May. The victims are being infected and reinfected by ads on leading online job sites.
"The hackers behind this scam are running ads on job sites and are injecting those ads with the Trojan," said Jackson. "Thus, when a user views or clicks on one of the malicious ads, their PC is getting infected and all the information they are entering into their browser (including financial information being entered before it reaches the SSL-protected sites) is being captured and sent off to the hackers' server in Asia Pacific. This one server is still collecting stolen data and at any one time, we are seeing 9,000 to 10,000 victims sending information to the server."
"When I first discovered this large cache of data, I couldn't figure out how the hackers were compromising so many websites, and as a result, infecting so many victims," continued Jackson. "However, when I uncovered the Trojan-injected advertisements, it made total sense. These job sites get tons of traffic so it is no wonder that the hackers are having such success."