General
Written by Daniel
Thursday, 24 July 2008 10:38
Password-stealing Trojan is spreading like a worm – and targeted directly at the enterprise
JULY 23, 2008 | 6:00 PM | By Tim Wilson, Site Editor, Dark Reading
The seven-year-old Coreflood botnet is quietly stealing thousands of passwords from corporate users and other large organizations, thanks to recent enhancements that allow it to spread like a worm, researchers say.
The enhancements were revealed June 30 by botnet expert Joe Stewart, director of malware research at SecureWorks. Stewart traced the botnet to a single command and control server that held more than 400,000 user IDs, passwords, and other information. (See SecureWorks Finds Massive Cache of Stolen Data.)
Since then, other researchers have had an opportunity to evaluate Stewart's findings, and they don't like what they see. In a nutshell, Coreflood has combined its old ability to deliver a password-stealing Trojan with a new ability to infect whole Windows domains in a matter of hours.
"This is potentially way more malicious than Storm, because it is collecting passwords -- rather than just sending out spam or denying service -- and because the user doesn't have to click on a link or do anything at all in order to be infected," says David Jevans, CEO of security vendor IronKey and chairman of the Anti-Phishing Working Group.
Coreflood, which started out as a simple Trojan in late 2001, has been revised more than 100 times during its long lifespan. With the latest enhancements, the Trojan can now infect a Windows administrator's machine and then use that administrator's privileges to infect all of the other machines in the administrator's domain.
"We've literally seen situations where there was only one machine infected, and within a few hours, 30,000 other machines on the same network were also infected," Jevans says. "And these aren't random infections -- if it gets through to one administrator's machine, then all of the devices in his domain will be infected."