Crime Server Discovered Containing 1.4 Gigabytes of Stolen Data

Patient information, business and personal data among the booty

May 06, 2008 | 06:55 AM

By Kelly Jackson Higgins
DarkReading

Researchers last month stumbled across a server run by cybercriminals that contained 1.4 gigabytes of stolen business and personal data from 40 businesses around the world.

Finjan Software researchers found compromised data from patients and bank customers, as well as business email messages and stolen Outlook accounts and messages, on the Malaysia-based server, which has since been shut down. The server had been running for just three weeks before Finjan found it, and the data was stolen from victims in the U.S., Germany, France, India, England, Spain, Canada, Italy, the Netherlands, and Turkey.

This was one busy server: Aside from gathering the data, the server was also a command and control server for the malware that ran on the infected PCs. “The Command & Control applications on this Crimeserver enabled the hacker to manage the actions and performance of his Crimeware, giving him control over the uses of the Crimeware as well as its victims. Since the stolen data was left unprotected on the Crimeserver, without any access restrictions or encryption, the data were freely available for anyone on the Web, including criminal elements,” the researchers wrote in a report posted today.

Some 5,388 different log files were found on the server, most of which were from Turkey, Germany, and the U.S. Finjan says it discovered the illicit server while running its real-time code inspection technology to diagnose customers’ Web traffic.

— Kelly Jackson Higgins, Senior Editor, Dark Reading
