Russian gang goes after network administrators

The New York Times reported that a gang of Russian criminals has been using network admin software as part of a nefarious plot to hijack thousands of PCs for passwords and other personal information. The gang, first identified in May by Joe Stewart, director of malware at research firm SecureWorks, was found to be running a keystroke recording program siphoning information from more than 100,000 infected computers. When the operation’s program, running from a hosting center in Wisconsin, was shut down, the gang moved it to the Ukraine, beyond the reach of U.S. law.

One should always be on the lookout for password-hijacking gangs, but the moral of the tale seems to be that as security systems get more sophisticated, criminals just find easier ways to break in.

The Times report comments,

“The new form of attack indicates that little progress has been made in defusing the threat of botnets…Stewart’s discoveries are evidence that while the botnet problem is now well understood, botnets are still a widespread threat.”

These ‘new’ forms of attack simply involve finding a network admin’s PC to infect and then using Windows admin tools to infect all the computers for which that admin is responsible. Stewart reportedly believes that this gang was responsible for nearly 400,000 infections in just 16 months.

Stewart plans to offer more details about the Russian gang and other similar admin hijacking plots at the Black Hat Briefings security conference beginning later this week in Las Vegas.