August 26, 2010, 2:37 PM

Infected web sites enabled hackers to steal information

The criminals snagged credit card and bank account numbers.

Lead Photo

Hackers this spring uncovered security holes in web sites around the world. They then used those vulnerabilities to inject malicious code onto those sites. When a consumer visited a compromised site, his computer automatically downloaded malware that stole private information stored on their computers.

“The user did not need to take any action for this to happen,” says Yuval Ben-Itzhak, senior vice president of engineering at computer security firm AVG Technologies. The download happens, he says, just by visiting a compromised web site.

From the time AVG uncovered the infections, until it publicly released a report on the threat this month, the criminals had abandoned their attack, but not before lifting information including credit card and bank account numbers and passwords to e-mail accounts and social networking sites from an estimated 55,000 computers.

Ben-Itzhak says at least one e-commerce site was among those exploited. However, it is unclear whether the malware stole any secure data from that site.

AVG named the botnet—a piece of malicious software that runs automatically on computers it infects—Mumba when it uncovered the threat in July. It believes the botnet was created by the Avalanche Group, which is known in security circles for launching phishing campaigns and malware. The term botnet is also often used to describe a network of captive computers that hackers use to mount attacks, but in this case each computer is infected when it visits the infected site.

AVG says e-commerce sites and consumers can take actions to help protect themselves from the attack. Web sites should make sure data are encrypted in the database that stores them.

 

 

comments powered by Disqus

Advertisement

Advertisement

Advertisement

From IR Blogs

FPO

Jim Erickson / E-Commerce

Why Western brands should register trademarks in China—now

China doesn’t recognize trademarks registered in other countries. Companies that register first in China get ...

FPO

Asher Elran / E-Commerce

E-commerce and duplicate content: solutions to common problems

Google penalizes retail web sites that display the same content on multiple pages, or that ...

Advertisement