Slashdot Mirror

← Back to Stories (view on slashdot.org)

A Look At the CoreFlood Botnet

Posted by Soulskill on from the from-russia-with-love dept.

CNet is running a story about research from security expert Joe Stewart into the CoreFlood botnet, which has harvested at least "50 gigabytes of compressed data, searchable in a MySQL database," from a group of over 370,000 bot IDs. Stewart explains how the botnet operates and some of the things he's learned about the group that operates it. "Within the 50GB file, Stewart was able to discern how the thieves culled the data. He said they run a test script against that data that will log via a proxy into the bank using the credentials captured, say by a keylogging application. The CoreFlood script will then capture the HTML data on the post long-in page. In most cases, that page also contains the account's bank balance. They do that, he said, so that after running the test they have a picture of what are the highest dollar amounts. 'I don't know whether they steal from all of them. We don't have access to the accounts; the bank is not going to tell us how much was stolen out of any given account. We're not going to get that information, but we know they're actively logging and checking accounts to collect the balance data. The only reason (the script) can see that data is to target the biggest accounts first,' he said."

3 of 120 comments (clear)

  1. Re:Key Generator by Anonymous Coward · · Score: 5, Informative

    Not only do I use one of those for logging in, but any financial transaction has to be signed with the pad.

    For the bank where I have my loans, I have an SSL certificate and signature to confirm my identity.
    That same certificate is tied to my national identity card, meaning I can use it for a lot of other things as well.

    All in all, I can't understand why the US is so far behind when it comes to online banking.
    I mean, I've had this for eight years now, and it'sbeen around longer.

    Much love from Sweden ;)

  2. Re:Key Generator by MrMr · · Score: 4, Informative

    That can be effective, just make sure the answers are not correct in a naive way. For instance Mothers maiden name= FE31BB076800267D0BA etc...

  3. Re:Online banking? Sign me up!!!! by cpghost · · Score: 4, Informative

    Yes, they are, like any other OTP system. Moreover, some banks also allow you to click in the numbers with a mouse by providing a keypad image. If you feel paranoid about key loggers, just use the mouse. But the real security is, of course, the one-time nature of those numbers.

    --
    cpghost at Cordula's Web.