Seems like another social-engineering-style attack relying on human ignorance and stupidity, built around some kind of malware reporting back to a central repository.
Remember kids, if a deal is too good to be true… it isn’t.
Hackers stole information from the U.S. Department of Transportation and several U.S. companies by seducing employees with fake job-listings on advertisements and e-mail, a computer security firm said.
The victims include consulting firm Booz Allen, computer services company Unisys Corp, computer maker Hewlett-Packard Co and satellite network provider Hughes Network Systems, a unit of Hughes Communications Inc, said Mel Morris, chief executive of British Internet security provider Prevx Ltd.
Of the list, only Unisys acknowledged that viruses had been detected and removed from two PCs, saying no information had been leaked. A Department of Transportation spokeswoman said the agency could not find any indication of a breach and a spokeswoman for Hughes said she was unaware of any breaches.
They were fairly selective about their targets, which meant they stayed under the radar for some time.
Prevx said the malware it identified uses a program named NTOS.exe that probes PCs for confidential data, then sends it to a Web site hosted on Yahoo Inc. That site’s owner is likely unaware it is being used by hackers, Morris said.
He believes the hackers have set up several “sister” Web sites that are collecting similar data from other squadrons of malware. It was not clear whether the hackers used any information stolen from more than 1,000 PCs.
The hackers only targeted a limited group of computers, which kept traffic down and allowed them to stay under the radar of security police, who tend to identify threats when activity reaches a certain level.
The fact is that off-the-shelf AV solutions CANNOT detect custom malware; this has been known for a long time, but it has never really sunk in with the people in charge.
A little programming and a little imagination, and most companies can still be owned with a custom trojan.
Source: Reuters
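The Reuters piece makes a point worth showing concretely: the attackers kept their traffic low enough to sit below the volume thresholds that security teams watch, and signature AV has nothing to match against custom code. The script below is an added example, not code from the original post, from Prevx or from any of the companies named. It runs over a handful of constructed proxy log lines (the timestamps, client IPs and hostnames are invented for the demo) and contrasts two detections: a plain request-count threshold, which never fires on a low-volume implant, and a timing rule that flags a (client, destination) pair whose requests arrive at long, nearly identical intervals, which is what a scheduled check-in to a drop site looks like. The log format, the thresholds and the `allowlist` of known legitimate pollers are all assumptions of this example.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed proxy log lines (not real traffic):
# "<ISO timestamp> <client_ip> <destination_host> <bytes_out>"
# 10.1.4.22 browses a news site irregularly and checks in with a drop site every 30 minutes;
# 10.1.4.23 is a mail client polling its server every 5 minutes (a legitimate periodic poller).
SAMPLE_LOG = """\
2007-09-17T08:00:03 10.1.4.22 www.example-news.test 1420
2007-09-17T08:00:09 10.1.4.22 www.example-news.test 910
2007-09-17T08:00:40 10.1.4.22 www.example-news.test 1210
2007-09-17T08:02:15 10.1.4.22 www.example-news.test 880
2007-09-17T08:01:00 10.1.4.22 drop-site.example.test 512
2007-09-17T08:31:00 10.1.4.22 drop-site.example.test 498
2007-09-17T09:01:00 10.1.4.22 drop-site.example.test 530
2007-09-17T09:31:00 10.1.4.22 drop-site.example.test 501
2007-09-17T10:01:00 10.1.4.22 drop-site.example.test 517
2007-09-17T08:00:00 10.1.4.23 mail.example-corp.test 3300
2007-09-17T08:05:00 10.1.4.23 mail.example-corp.test 3290
2007-09-17T08:10:00 10.1.4.23 mail.example-corp.test 3310
2007-09-17T08:15:00 10.1.4.23 mail.example-corp.test 3305
2007-09-17T08:20:00 10.1.4.23 mail.example-corp.test 3295
"""


def parse_log(text):
    """Parse the constructed log format into (timestamp, client, destination) tuples."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, client, dest, _bytes_out = line.split()
        records.append((datetime.fromisoformat(ts), client, dest))
    return records


def group_by_pair(records):
    """Group request timestamps by (client, destination), sorted into time order."""
    pairs = defaultdict(list)
    for ts, client, dest in records:
        pairs[(client, dest)].append(ts)
    return {pair: sorted(times) for pair, times in pairs.items()}


def volume_alerts(records, threshold=20):
    """Volume rule: flag any (client, destination) pair with at least `threshold` requests.

    This is the style of detection the article says the attackers stayed under.
    """
    return {pair for pair, times in group_by_pair(records).items() if len(times) >= threshold}


def beacon_alerts(records, min_requests=4, min_interval=60.0, max_cv=0.1, allowlist=frozenset()):
    """Timing rule: flag pairs whose inter-request gaps are long and nearly identical.

    Returns {(client, destination): mean_interval_seconds}. `allowlist` holds destinations
    known to be polled on a schedule by legitimate software (assumed values in this example).
    """
    hits = {}
    for (client, dest), times in group_by_pair(records).items():
        if dest in allowlist or len(times) < min_requests:
            continue
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg < min_interval:
            continue  # bursts of quick requests are ordinary browsing, not check-ins
        cv = pstdev(gaps) / avg  # coefficient of variation: 0.0 means perfectly periodic
        if cv <= max_cv:
            hits[(client, dest)] = avg
    return hits


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    print("volume rule (threshold=20):", volume_alerts(recs))
    print("timing rule, no allowlist:", beacon_alerts(recs))
    print("timing rule, mail poller allowlisted:",
          beacon_alerts(recs, allowlist={"mail.example-corp.test"}))
```

Two things the run shows. Lowering the volume threshold far enough to catch the five drop-site requests (`threshold=4`) also flags the four visits to the news site, so the volume rule cannot be tuned into a beacon detector. The timing rule finds the drop-site pair, but without the allowlist it also reports the mail poller, which is why this kind of rule needs a maintained list of known periodic destinations and human triage rather than a block action.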
Sandeep Nain says
And what was the excuse this time??
Well, no doubt hackers are becoming smarter every day… but a little more hard work and security awareness would have done the job…
SN says
Hackers might be becoming smarter… but how about users? We don’t live in a world where it is OK to be naive.
backbone says
you are right Darknet… I bet even 29A (which is a VX group) would write an undetectable trojan for some cash =)
TheRealDonQuixote says
@BackBone
You can find source codes and multiple variants for trojans, worms and other assorted malware and “hack tools” at VX Chaos File Server. Check in the “Unknown Malware” and “Uploads” sections for the naughty stuff that no one has even seen yet!! No cash needed.
There is also, leetupload.com, but they haven’t been in the VX trading and collecting game nearly as long as Azag over at VXChaos. VXhavens is another hot spot for the l33t s**t.
backbone says
TheRealDonQuixote: VXheavens is my favorite VX website; if you had searched the website a bit you would have seen my tiny COM virus there ;)
Sandeep Nain says
SN: Yes, you are right, that’s why some more hard work and security awareness is needed to keep these smart hackers away…
MPV: You are right… it’s not the first time the US govt has been exposed… I hope they start keeping an eye on such vulnerabilities and start some (in)security awareness programme for their staff.
Nobody_Holme says
Does any US government agency have good security?
I ask this because I’m actually worried how many people have access to serious military hardware…
Anyway, there’s no way you can scan for every possible script all the time, or that’s all your servers will be doing; therefore almost anyone will be ownable (is that a word?) with a custom script, in theory.
moons says
Ouch. That’s gotta be a pain. Contrary to it, I don’t think Department of Defense data or military ops would be so easy though. I’m sure they probably have good hierarchies for anyone trying to access, and probably even paranoid filters.