[ISN] 'Italian job' hackers use Russian tool kit

From: InfoSec News (alerts@private)
Date: Mon Jul 16 2007 - 22:40:54 PDT


http://www.theage.com.au/news/security/italian-job-hackers-use-russian-tool-kit/2007/07/14/1183833827883.html

By Ed Pilkington
July 16, 2007
 
Hackers have launched an assault on websites in Italy and beyond dubbed 
"the Italian job" in a move seen by internet security experts as the 
next step in the escalating problem of cyber crime.

Gangs presumed to be based in Eastern Europe have probably infected more 
than 10,000 web pages on popular websites including travel agents, 
hotels, charities and government departments. Most of the sites are in 
Italy, although the attack has also spread to Spainand the US.

Using an attack "tool kit" available for $815 on the internet from 
Russia, the attackers implanted codes that download a "keylogger" onto 
the computer of anyone opening those sites. The keylogger allows the 
hackers to monitor any activity on the infected machine - in effect to 
control the computer. That gives them access to any bank details, credit 
card information or passwords that are entered.

It is not known how many computers have been infected by the attacks, 
which are believed to have begun about the middle of last month. 
Security experts put the numbers at tens of thousands.

Dan Hubbard, of the Californian internet security firm Websense, says 
Italy may have been targeted because of the seasonal popularity of its 
travel websites or because the hackers had discovered a way to penetrate 
an Italian bank's firewalls to steal identities. "We often call this 
sort of thing the perfect crime because it is so difficult to track down 
the perpetrators."

Trojan attacks are not new but experts say the scale of the latest 
onslaught is unparalleled, as is its focus on established websites to 
steal banking identities. David Perry, a director of another US web 
security firm, Trend Micro, says: "This is a paradigm shift. We can 
expect to see this kind of thing being replicated now for the next five 
or six months."

Researchers at the company have tracked the attack to servers based in 
Hong Kong, San Francisco and Chicago. The FBI and specialist police in 
Europe are trying to follow it back to the source.

Perry says one reason the Italian job is proving so effective is that it 
has been programmed to spot many different types of weaknesses in 
computer security systems. "It looks for a wide spectrum of 
vulnerabilities in a computer, acting like a sort of Swiss Army knife 
with many different ways to pierce through the protection."

The initial assault on websites appears to have slowed, but as long as 
websites are infected with the attack tool kit, many users will continue 
to be vulnerable without realising it. Experts say there tends to be a 
lull followed by a renewed outburst in a different part of the world.


_____________________________________________________
Attend Black Hat USA, July 28-August 2 in Las Vegas, 
the world's premier technical event for ICT security 
experts. Featuring 30 hands-on training courses and 
90 Briefings presentations with lots of new content 
and new tools. Network with 4,000 delegates from 
70 nations.   Visit product displays by 30 top
sponsors in a relaxed setting. Rates increase on 
June 1 so register today. http://www.blackhat.com



This archive was generated by hypermail 2.1.3 : Mon Jul 16 2007 - 22:51:44 PDT