200,000 Web sites compromised

Cybercriminals have acquired administrative log-in credentials for more than 200,000 Web sites and have used the compromised domains to attack unsuspecting users' PCs with a notorious hacker exploit kit, according to a Computer World report. The compromised Web sites included those belonging to Fortune 500 companies, weapons manufacturers and the U.S. Postal Service's www.usps.gov.

According to Computer World, Ian Amit, director of security research at Aladdin Knowledge Systems Inc., found and infiltrated a server belonging to a longtime customer of Neosploit, a hacker tool kit used by cybercriminals to launch exploits against browsers and popular Web software such as Apple Inc.'s QuickTime or Adobe Systems Inc.'s Adobe Reader. On that server, Amit uncovered logs showing that two or three hacker gangs had contributed to a massive pool of Web site usernames and passwords.

More than half of the site credentials (approximately 107,000) had been validated by the cybercrooks' custom application as providing administrative access to the sites.

The site credentials were only the means to an end: 80,000 modified sites were used as attack launchpads. Each served up exploit code provided by the Neosploit kit to any visitor running a Windows system that had not been fully patched, Computer World reported.
