Security News > 2007 > July > 'Italian job' hackers use Russian tool kit
http://www.theage.com.au/news/security/italian-job-hackers-use-russian-tool-kit/2007/07/14/1183833827883.html By Ed Pilkington July 16, 2007 Hackers have launched an assault on websites in Italy and beyond dubbed "the Italian job" in a move seen by internet security experts as the next step in the escalating problem of cyber crime. Gangs presumed to be based in Eastern Europe have probably infected more than 10,000 web pages on popular websites including travel agents, hotels, charities and government departments. Most of the sites are in Italy, although the attack has also spread to Spainand the US. Using an attack "tool kit" available for $815 on the internet from Russia, the attackers implanted codes that download a "keylogger" onto the computer of anyone opening those sites. The keylogger allows the hackers to monitor any activity on the infected machine - in effect to control the computer. That gives them access to any bank details, credit card information or passwords that are entered. It is not known how many computers have been infected by the attacks, which are believed to have begun about the middle of last month. Security experts put the numbers at tens of thousands. Dan Hubbard, of the Californian internet security firm Websense, says Italy may have been targeted because of the seasonal popularity of its travel websites or because the hackers had discovered a way to penetrate an Italian bank's firewalls to steal identities. "We often call this sort of thing the perfect crime because it is so difficult to track down the perpetrators." Trojan attacks are not new but experts say the scale of the latest onslaught is unparalleled, as is its focus on established websites to steal banking identities. David Perry, a director of another US web security firm, Trend Micro, says: "This is a paradigm shift. We can expect to see this kind of thing being replicated now for the next five or six months." Researchers at the company have tracked the attack to servers based in Hong Kong, San Francisco and Chicago. The FBI and specialist police in Europe are trying to follow it back to the source. Perry says one reason the Italian job is proving so effective is that it has been programmed to spot many different types of weaknesses in computer security systems. "It looks for a wide spectrum of vulnerabilities in a computer, acting like a sort of Swiss Army knife with many different ways to pierce through the protection." The initial assault on websites appears to have slowed, but as long as websites are infected with the attack tool kit, many users will continue to be vulnerable without realising it. Experts say there tends to be a lull followed by a renewed outburst in a different part of the world. _____________________________________________________ Attend Black Hat USA, July 28-August 2 in Las Vegas, the world's premier technical event for ICT security experts. Featuring 30 hands-on training courses and 90 Briefings presentations with lots of new content and new tools. Network with 4,000 delegates from 70 nations. Visit product displays by 30 top sponsors in a relaxed setting. Rates increase on June 1 so register today. http://www.blackhat.com
News URL
Related news
- Microsoft and DOJ disrupt Russian FSB hackers' attack infrastructure (source)
- 100+ domains seized to stymie Russian Star Blizzard hackers (source)
- Pro-Ukrainian Hackers Strike Russian State TV on Putin's Birthday (source)
- US, UK warn of Russian APT29 hackers targeting Zimbra, TeamCity servers (source)
- Russian hackers deliver malicious RDP configuration files to thousands (source)
- Russian Hackers Exploit New NTLM Flaw to Deploy RAT Malware via Phishing Emails (source)
- Russian Hackers Deploy HATVIBE and CHERRYSPY Malware Across Europe and Asia (source)