Russian Hacker Gang at it Again!

by Frank Jovine on 08/10/2008 in Internet, Privacy

What do they use? The Coreflood Trojan horse, which infects massive numbers of PCs and gathers confidential information, including bank account numbers and passwords.

The Russian hacker group is at it again, using a Microsoft administration tool to steal passwords. This is not new; they have been doing this for years.

A sampling of 11% of the stolen accounts found in one directory on the group's command-and-control server showed more than a quarter-million dollars at risk, said Joe Stewart, director of malware research at Atlanta-based SecureWorks Inc.

In his most recent findings, Stewart spelled out how much money the group has had access to, as well as the number of users whose information was hijacked. As before, Stewart culled the information from a Coreflood command-and-control server he had helped shut down earlier this year.

Among the mountains of evidence on the server were the results of automated scripts that checked the validity of bank accounts and in the process obtained the account balances. Of the 79 accounts the cyber crooks tested — from among 740 stolen accounts on file in a single directory — the highest balance was US$147,000, while the averages were $4,553 for each savings account and $2,096 for each checking account.

Tips:

Don’t store passwords on your PC

Don’t have your browser remember passwords

Safe surfing!


14 Responses to “Russian Hacker Gang at it Again!”

  1. Jim McDosh

    Aug 10th, 2008

    Those pesky ole hackers.

    Jim Jones
    http://www.Ultimate-Anonymity.com

  2. Frank J

    Aug 10th, 2008

    It’s important to block all .ru domain extensions. I have written a blog on risky domains that users need to watch for.

    Thank you for the comment!

  3. Justin Wright

    Aug 11th, 2008

    Kind of glad I have a Mac, even though it’s probably vulnerable too. I need to start remembering my passwords in my head instead of in Firefox. Grr.

  4. Anon

    Aug 15th, 2008

    Tips:

    Use an operating system that is not built to be hijacked.

  5. Mats

    Aug 15th, 2008

    The Internet is a nasty place. And there are sadly millions and millions of people who don’t know how to protect their PCs.
    But the worst scenario is when people tend to think, “I don’t have anything important on my computer anyway, so who would like to hack into it?”

  6. paresh

    Aug 15th, 2008

    zol.

  7. Lysyj

    Jan 27th, 2009

    To Mr Frank J:
    for your info- most hacking groups are located in US and Europe, especially Holland. Almost all hack sites are from .com, .net, .ws and so on. Where are they located, can you tell me? Are you powerful enough to block .nl domain? Or China? What all of you will do without Chinese brains or without China-made components of your PCs? Just don’t be so stupid to make such “It’s important to block all .ru domain extensions”. Just block everything, put a barbwire around US, cut off all cables to internet and rest in peace, enjoying licking ass of vista-makers. Only in that case you will be safe. But I think that it will be safer for the rest of the world.

    • Frank J

      Jan 27th, 2009

      On the contrary, most are from .ru domain extensions, but not to say they’re from Russia, but maybe using a proxy to be deceptive.

  8. Lysyj

    Jan 27th, 2009

    O yeah, that is so modern- to blame Russians for everything. They have oil and gas- let’s bomb them, they are democratic not in American way. Mr Putin is making money from oil- let’s punish him! Arabian kings are making money ONLY on oil, but nobody blames them, though they ARE terrorists and dictators.
    You know, this is just a matter of fashion- people always need someone to be guilty. But usual people are suffering not from “Russian hackers”, but from all those security limitations. That’s why sometimes I can’t use my credit card to pay for something over internet, that’s why I can’t use all benefits of Playstation Network or XBoxLive services. That’s why some of my e-mail addresses are blocked from certain sites- they are from .ru domain!
    All this comes from stupidness of certain people: Mr Bush said- bin Laden is guilty, let’s bomb Afghanistan. SecureWorks Inc (who the f*k knows them at all? are they REALLY professionals?) said- trojans stealing bank accounts, and you, Mr Frank J, are making immediate decision- let’s block .ru! Not wise at all!
    PS: I’m not Russian. I’m already guilty that I was born in USSR. And I’m proud of it!
    PPS: thanks for discussion.

    • Frank J

      Jan 27th, 2009

      That was not my message. I am simply saying that many resources such as Trend Micro, McAfee, and Symantec have included that much of the threats we know today happen to come from .ru domain extensions.

      Who’s bombing who?

  9. Lysyj

    Jan 27th, 2009

    Heh, according to “Tipping Point” research, top 5 hackers countries are
    Great Britain
    New Zealand (surprised? me too!)
    Australia
    Singapore
    Taiwan
    S.Korea
    Hong Kong
    China
    India
    Japan

    Where is Russia?

    • Frank J

      Jan 27th, 2009

      That is one resource and not as credited as the ones I provided, but we can go back and forth all day.

  10. Lysyj

    Jan 29th, 2009

    Ok, I just didn’t like your “let’s block bla-bla-bla”. Journalist is bringing the facts, but making conclusions- is not his job.
    Anyway, thanks for conversation. Good luck.

    • Frank J

      Jan 29th, 2009

      I hear what you are saying, and I could have been more neutral. I appreciate the comments!