Russian Gang Hijacking PCs on a Massive Scale
A new report in the New York Times says that Russian cyber-gangs are turning the tools of system administrators against them. The gang spreads an application called Coreflood by hijacking administrative accounts, then infecting the rest of the network through this trusted source. The malicious program turns the infected PCs into a vast network of computers working in unison to steal data and send spam called a botnet.
Coreflood is unique because it captures information displayed on screen, not just entered, so the criminals can check bank balances of victims without having to login to the account. Coreflood is also
Because the gang has infected almost 400,000 PCs through normally trusted sources -- essentially by getting the password and login information of network adminstrators (yes, the IT folks) -- law enforcement officials in the US and Russia are particularly concerned with the attack. They're reluctant to share too many details, though, as the investigation is still ongoing. [Source: NY Times]
