August 26, 2010, 2:37 PM

Infected web sites enabled hackers to steal information

The criminals snagged credit card and bank account numbers.

Allison Enright



Hackers this spring uncovered security holes in web sites around the world. They then used those vulnerabilities to inject malicious code into those sites. When a consumer visited a compromised site, the consumer's computer automatically downloaded malware that stole private information stored on it.

“The user did not need to take any action for this to happen,” says Yuval Ben-Itzhak, senior vice president of engineering at computer security firm AVG Technologies. The download happens, he says, just by visiting a compromised web site.

Between the time AVG uncovered the infections and the time it publicly released a report on the threat this month, the criminals abandoned their attack, but not before lifting information, including credit card and bank account numbers and passwords to e-mail accounts and social networking sites, from an estimated 55,000 computers.

Ben-Itzhak says at least one e-commerce site was among those exploited. However, it is unclear whether the malware stole any secure data from that site.

AVG named the botnet—a piece of malicious software that runs automatically on computers it infects—Mumba when it uncovered the threat in July. It believes the botnet was created by the Avalanche Group, which is known in security circles for launching phishing campaigns and malware. The term botnet is also often used to describe a network of captive computers that hackers use to mount attacks, but in this case each computer is infected when it visits the infected site.

AVG says e-commerce sites and consumers can take actions to help protect themselves from the attack. Web sites should make sure data are encrypted in the database that stores them.



