Security firm exposes massive crimeware server
A Trojan horse command-and-control server discovered in June contained 50GB of stolen user account and financial details, including 9,000 bank and credit-card account credentials from around the world and 463,582 user account passwords, according to a report published at the Black Hat security conference in Las Vegas this week.
The server appears to have been the central control point for Coreflood, a password-stealing Trojan and botnet that has been quietly infiltrating corporate networks since 2001, according to Joe Stewart, director of malware research for security firm SecureWorks, which co-operated with Spamhaus in shutting down the server.
In a presentation at Black Hat, Stewart said an analysis of scripts left behind on the server indicated that the 50GB of material represented about one-quarter of the details that had been harvested, the rest having been deleted.
Read the whole story here.