SecureWorks comes across a huge data cache

Jul 1, 2008 08:23 GMT

Joe Stewart, Director of Malware Research with SecureWorks, has recently made public the fact that he found a stolen data cache of unprecedented size. AFcore is a Coreflood trojan that has so far been able to avoid detection, and it has used the time it has been hidden to gather as much private information as possible. The trojan works by infecting a particular workstation and then lying dormant there until the network admin accesses that computer. The trojan remembers all usernames and passwords so, by grabbing the admin's log-in data, it can spread throughout the entire network. SecureWorks has already come up with security solutions for the AFcore trojan and has notified all its collaborators so that they can do the same. Law enforcement agencies have also been briefed about the current situation.

The trojan has so far been able to infect thousands of individual PCs belonging to all kinds of corporations. The purpose of the trojan is to gather the user's personal and bank information and then deliver it to the hacker. Besides usernames and passwords, the trojan also stores the text content of the web pages the user visits, so the hacker can better determine whether the info is valuable or not. For example, if an employee goes online to check their bank balance or make an e-payment, the trojan will capture their username, password and all other text info. The hacker can then take a look at said text and determine whether it is worth accessing the user's bank account or not. He saves huge amounts of time by accessing only certain accounts and not all of them.

SecureWorks researchers say that getting an exact figure regarding how much money the trojan has access to is a laborious and lengthy task. Given that thousands of computers were infected, that amount could easily surpass a few million dollars.