Almost 2,500 firms breached in ongoing hack attack

Criminal hackers have penetrated the networks of almost 2,500 companies and government agencies in a coordinated campaign that began 18 months ago and continues to steal email passwords, login credentials, and other sensitive data to this day, a computer security company said. The infections by a variant of the Zeus botnet …


This topic is closed for new posts.
  1. Anonymous Coward

    anyone for

    internet banking?

  2. N2

    Any chance

    Of stats on affected operating systems/browsers affected?

  3. John Smith 19

    2500 companies affected?

    which mean *how* many PC's shafted?

    Including pharmaceutical companies?


  4. Number6

    Back to plain text

    As a first line of defence, all these organisations should mandate use of plain-text email and ban HTML. That would remove several attack vectors (I bounce HTML email by default, it takes out a lot of spam).

    A second line of attack would be to automatically remove attachments from incoming mail and put them on an internal server where they can be quarantined/verified in a safe environment before being downloaded by the original recipient. Still not foolproof, but it would help reduce the incidence of clueless users blindly opening attachments while not inconveniencing them too much.
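    The two controls Number6 describes (plain text only, attachments pulled out of the message and parked for vetting) as one mail-gateway step. This is an added example, not code from the thread or from any of the products mentioned; the quarantine directory, the pointer-line format and the sample message (with a 12-byte fake MZ attachment) are constructed for the demonstration.

```python
"""Convert an inbound message to plain text and move its attachments to a
quarantine area, leaving a pointer line the recipient can act on.
Added example; QUARANTINE_DIR and the pointer format are assumptions."""
import email
import hashlib
import os
from email import policy
from email.message import EmailMessage

QUARANTINE_DIR = "/var/spool/quarantine"  # assumed location on the gateway


def quarantine_attachments(raw: bytes, quarantine_dir: str = QUARANTINE_DIR,
                           write: bool = False) -> tuple[EmailMessage, list[dict]]:
    """Return (plain-text copy of the message, list of quarantined parts).

    Each attachment is replaced by a line carrying its name, type, size and
    SHA-256, so it can be fetched from quarantine once someone has vetted it.
    With write=True the raw bytes are stored under quarantine_dir by digest.
    """
    msg = email.message_from_bytes(raw, policy=policy.default)
    quarantined = []
    for part in msg.walk():
        if part.get_content_maintype() == "multipart" or not part.is_attachment():
            continue
        data = part.get_payload(decode=True) or b""
        digest = hashlib.sha256(data).hexdigest()
        record = {"filename": part.get_filename() or "unnamed",
                  "content_type": part.get_content_type(),
                  "size": len(data), "sha256": digest}
        if write:
            os.makedirs(quarantine_dir, exist_ok=True)
            with open(os.path.join(quarantine_dir, digest), "wb") as fh:
                fh.write(data)
        quarantined.append(record)

    # Keep only the text/plain body; an HTML-only message loses its body by policy.
    body = msg.get_body(preferencelist=("plain",))
    text = (body.get_content() if body is not None
            else "[HTML-only message: body removed by gateway policy]\n")

    out = EmailMessage(policy=policy.default)
    for header in ("From", "To", "Cc", "Subject", "Date", "Message-ID"):
        if msg[header] is not None:
            out[header] = str(msg[header])
    if quarantined:
        text += "\n-- Attachments held in quarantine --\n"
        for r in quarantined:
            text += (f"{r['filename']} ({r['content_type']}, {r['size']} bytes) "
                     f"sha256={r['sha256']}\n")
    out.set_content(text)          # single text/plain part, no HTML, no attachments
    return out, quarantined


# Constructed sample: a plain body plus a fake executable (first 12 bytes of an MZ header).
SAMPLE = b"""From: alice@example.com
To: bob@example.com
Subject: invoice
Message-ID: <1@example.com>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset=us-ascii

Please see attached.
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="invoice.exe"
Content-Transfer-Encoding: base64

TVqQAAMAAAAEAAAA
--b1--
"""

if __name__ == "__main__":
    cleaned, held = quarantine_attachments(SAMPLE)
    print(cleaned.as_string())
    print(held)
```

    The digest, not the original filename, names the quarantined file, so two senders mailing the same malware produce one object to analyse and a filename with path characters in it cannot escape the quarantine directory.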

  5. Anonymous Coward


    Maybe I am reading it wrong, but it seems like the researchers can ID the drone PCs.

    Send the IP addy to the ISP (along with datetime info, in case the IP is shared) and give the ISP 24 hours to block 75%+ of all reported drones.

    If they do not comply, block the ISP until such times as they do.

    All ISP costs should be recovered for the negligent users.

    How friggin' hard is it, just how hard? Can anyone tell me? Am I asking for the impossible?

    Users are 100% responsible AT ALL TIMES for any damage caused by a device under their control. Be that a car, gun, power tool or PC.

  6. This post has been deleted by its author

  7. Anonymous Coward

    that old chestnut

    windows in a corporate environment fail. again.

    ho ho ho

    1. Anonymous Coward

      Re: that old chestnut

      No platform is immune to bespoke malware...

      1. Gene

        Of course they are...

        ...but I've been running Mac OS X since 10.0.0 in 2001 without any virus or malware protection and I've had zero problems. Maybe it's time to drop this sort of automatic response and face reality.

        1. Mike Flugennock

          re: Of course they are...

          I've got you beat there... I've been running MacOS since 1985, before the big '88 Worm -- I used Virex and Norton until they got to be more trouble than they were worth, as they kept flagging down benign CDEVs and INITs -- and haven't been touched yet, thanks to a bit of common sense and Little Snitch (under OSX). I automatically "deny" any numeric IP addresses -- not to mention the usual suspects, such as doubleclick -- as Little Snitch (which has saved my ass on numerous occasions) catches and flags them, and that's worked really well for me.

          Don't they have a Little Snitch equivalent for Windows?

          1. Hyphen

            Numeric IPs?

            You ban numeric IPs? Oh, you mean as opposed to those ones with letters in?

            (IPv6 is a different argument before anyone goes smart-arse)

  8. Anonymous Coward

    Corporate IT Security is pathetic

    I work at a multinational defence company.

    The default browser is IE6 on Windows XP. Base build machines use Adobe Reader 6.0.

    1. Anonymous Coward


      I REALLY just laughed out loud at that comment!

    2. Anonymous Coward


      My own experience in govt and local govt (especially the latter) would suggest that's quite an advanced spec...

  9. Al fazed

    well durr !

    Wake up call required eh.

    FFS, just how long is this charade going to continue.

    Didn't think it could happen to them, wasn't worth the investment.

    I'm sure we've all read the security briefs and then had to pull in our necks when being told why we can't implement the required strategy.

    Well someone is going to wake up much richer today.

    And some are not being so Fortunate, hee hee hee.

    Make way idiots !


  10. Anonymous Coward

    ...begging to be hacked...

    I have little sympathy for some of these companies - who to this day /insist/ that their desktops carry IE6 and no other web browser(*). That puts their employees right there in the danger zone any time they do anything to do with the internet ... even unknowingly, opening HTML email on a Windows desktop.

    {* I work for one of the larger investment banking organisations, who operate this absurd policy.}

    1. Daniel B.


      I also worked at a large financial organization, and while IE6 was the "standard", so was Netscape 4. That was because Netscape 4 is the most recent browser with OS/2 support; go figure.

      The good thing is that those OS/2 beasts with Netscape4 are basically malware-proof, as there's no chance in hell they'll even be able to run the malware!

    2. Ammaross Danan


      Many companies mandate IE6 and WinXP due to problems vetting newer browsers/OSes. The Gov't in particular probably runs custom software that demands a certain browser or uses an out-of-date plugin that requires an older OS. I work in Healthcare and I know of several EMR solutions that either directly embed browser windows into their interface (thus requiring IE6, for instance, so everything stays working as intended), or use some plugin for managing PDFs or images that is running 4 revisions out of date and only supports XP. Why? It costs money to buy licensing for the new plugin, or to pay someone to update the interface, etc. Until people start refusing to use software solutions that REQUIRE them to stay on older, more insecure platforms, nothing will be done by those lazy software vendors.

  11. Unus Radix

    I have to wonder

    How exactly the perps choose what information (if any) is worth siphoning off to the [former Soviet] Republic of Bulvania for closer inspection. Sending, say, the entire contents of the HD and then examining that is probably not feasible. I suppose doing the same for "C:\Documents and Settings" would be a start, but still ...

  12. Anonymous Coward

    I have to wonder too...

    At the rate malware and hacking is growing and succeeding, how long it will be before the "totally unbreakable" internet is totally broken and unusable...

  13. Doug

    computer botnets

    What desktop Operating System is required for this 'botnet' to operate? How is the initial infection achieved on the computers? Is it by clicking on a malicious URL or opening an email attachment?

  14. Alain

    With a little help from Symantec

    This seems to come just at the right time when Symantec Endpoint Protection that is so widely used in big companies as their corporate anti-virus has failed miserably on Jan 1st, 2010 (see this:

    Because of this major goof tens (hundreds?) of thousands of PCs have been left with outdated signatures for weeks. I know from first-hand information that in some big places, desktops with signatures 3 weeks+ old were not uncommon until very recently. Symantec came up with a fix some time ago, but due to propagation delays and intranet servers being overloaded in companies, it took forever for signatures to catch up.

    Keeps me wondering why SEP is still so popular after so many failures of this basically broken product. On top of this the "corporate" aspects fail just any functionality tests.

  15. Codge

    @Daniel B



    The Dirty one...

  16. Anonymous Coward

    IE 6

    I worked for a local council and I had the opportunity to try using some of their web-browser-based software with FF portable out of curiosity. From the front end it seemed to work fine: it would retrieve the information, would send the information back etc. (I can't say for the back end or all of it, but I used the 'user end' of it pretty extensively). I'd say a certain lack of interest in their IT dept, plus, outside the IT dept, a combination of no one in the place ever wanting to be the one who sticks their neck out and upsets the status quo, no one wanting to risk being the one who might be culpable if it is a problem or doesn't work, and most of the end users being clueless about the problem, means the place is still using IE6; it will still probably be using it when we are making gestures to browse.

    These similar attitudes cause vast waste of our public money elsewhere as well, for similar status quo reasons. After working there a year I used to resent paying my council tax 'cos I knew it was being pissed up the wall for little good reason.

  17. Rossano

    Effects of the malware bot

    This is a variant of the well-known Zeus bot, otherwise known as Zbot. Once executed on the target machine (which becomes an infected bot) it downloads a configuration file from the C&C server (Command & Control server) which instructs the bot to capture desired data.

    It creates a hidden folder on the infected machine and it drops a modified copy of itself to avoid security scanner detection.

    The bot periodically uploads the captured data to the server and schedules an update of the configuration files permitting the criminal hacker to change the instructions of the bot.

    Additionally it disables the firewall on the target machine.

    Rossano Ferraris, CA ISBU Research Team
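Rossano's description above contains the network behaviour a defender can key on: the bot fetches its configuration and uploads captured data on a schedule, so an infected host talks to the same destination at near-constant intervals. The following is an added example, not code from the post or from CA, that flags such beaconing in proxy-style log lines. The log format, the addresses (documentation ranges), the URIs and the thresholds (at least 4 hits, interval jitter under 20%) are all assumptions made for the demonstration.

```python
"""Flag (src, dst) pairs whose outbound hits are spaced at regular intervals,
the pattern left by a bot polling for config and uploading stolen data.
Added example; log format, sample data and thresholds are constructed."""
import re
import statistics
from collections import defaultdict
from datetime import datetime

# Assumed proxy log line: "<date> <time> src=<ip> dst=<ip> uri=<path> bytes_out=<n>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+ \S+) src=(?P<src>\S+) dst=(?P<dst>\S+) "
    r"uri=(?P<uri>\S+) bytes_out=(?P<bytes>\d+)$")


def parse(lines):
    """Yield (timestamp, src, dst, uri, bytes_out); silently skip non-matching lines."""
    for line in lines:
        m = LOG_RE.match(line.strip())
        if m:
            yield (datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"),
                   m["src"], m["dst"], m["uri"], int(m["bytes"]))


def find_beacons(lines, min_hits=4, max_jitter=0.2):
    """Return one record per (src, dst) pair whose inter-hit gaps are regular.

    Regularity is measured as coefficient of variation (stdev / mean) of the
    gaps between consecutive hits; human browsing has a CV well above 0.2,
    a timer-driven implant well below it.
    """
    buckets = defaultdict(list)
    for ts, src, dst, uri, nbytes in parse(lines):
        buckets[(src, dst)].append((ts, uri, nbytes))

    findings = []
    for (src, dst), hits in buckets.items():
        if len(hits) < min_hits:
            continue
        hits.sort()
        gaps = [(b[0] - a[0]).total_seconds() for a, b in zip(hits, hits[1:])]
        mean = statistics.mean(gaps)
        if mean == 0:
            continue
        cv = statistics.pstdev(gaps) / mean
        if cv <= max_jitter:
            findings.append({
                "src": src, "dst": dst, "hits": len(hits),
                "period_s": round(mean), "jitter": round(cv, 3),
                "bytes_out": sum(h[2] for h in hits),   # volume uploaded, for triage
                "uris": sorted({h[1] for h in hits}),
            })
    return findings


# Constructed sample: 10.0.0.5 polls 198.51.100.7 every ~10 minutes, alternating
# a config fetch with a data upload; 10.0.0.9 is a person reading a news site.
SAMPLE_LOG = """\
2010-02-18 09:00:00 src=10.0.0.5 dst=198.51.100.7 uri=/cfg.bin bytes_out=312
2010-02-18 09:01:12 src=10.0.0.9 dst=203.0.113.1 uri=/news bytes_out=210
2010-02-18 09:02:40 src=10.0.0.9 dst=203.0.113.1 uri=/news/2 bytes_out=198
2010-02-18 09:10:03 src=10.0.0.5 dst=198.51.100.7 uri=/gate.php bytes_out=4821
2010-02-18 09:19:58 src=10.0.0.5 dst=198.51.100.7 uri=/cfg.bin bytes_out=312
2010-02-18 09:27:05 src=10.0.0.9 dst=203.0.113.1 uri=/sports bytes_out=220
2010-02-18 09:30:01 src=10.0.0.5 dst=198.51.100.7 uri=/gate.php bytes_out=5102
2010-02-18 09:40:00 src=10.0.0.5 dst=198.51.100.7 uri=/cfg.bin bytes_out=312
2010-02-18 09:55:31 src=10.0.0.9 dst=203.0.113.1 uri=/news bytes_out=205
"""

if __name__ == "__main__":
    for f in find_beacons(SAMPLE_LOG.splitlines()):
        print(f)
```

Run over a day of proxy logs this will also surface legitimate pollers (update checks, monitoring agents), so the hit list is a triage queue rather than a verdict; the bytes_out column separates a 300-byte config poll from a host uploading several kilobytes of captured form data every cycle.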
