As Security Management reported in April, the Russian Business Network once stalked the Internet, providing Web hosting to various sorts of cybercriminals and their illegal activities, ranging from identity theft to child pornography, until an Italian Internet provider cut its connection.
Now another group of Russian cybercriminals has been exposed, according to ComputerWorld.com. Security researcher Joe Stewart, director of malware research at Atlanta-based SecureWorks Inc., says the group, located somewhere in South Russia, has swiped around 463,000 usernames and passwords since 2005.
Today, Stewart explained to ComputerWorld.com:
... the inner workings of a cybercrime gang using the Coreflood Trojan horse to infect massive numbers of PCs, then sift through the machines for confidential information, including bank account numbers and passwords .... Stewart has been releasing research on the group for more than a month as he works his way through more than 50GB of data he snatched from a server that the gang had been using as a data repository. In July, for instance, Stewart disclosed how they use a Microsoft program called PsExec to spread their password-stealing Trojan from a single infected PC to every Windows system on a company network.
Sampling only 11 percent of the accounts the hacking outfit stole, Stewart found $281,000 at risk. One account had a balance of $147,000 while the average checking and savings accounts sampled contained $2,096 and $4,553, respectively. The hackers, he said, only pursue high-value targets that own large accounts they can empty.
Stewart said U.S. authorities are investigating, but he didn't know if Russian authorities were pursuing the hacking outfit as well. "[W]e need a lot more effort and cooperation to do anything about this."