Botnet Lair in Ukraine Demonstrates Dangers of Infection

Barry Levine, <a href='http://www.newsfactor.com'>newsfactor.com</a>

A recently discovered server in Ukraine demonstrates the danger -- and volume -- of industrial-level identity theft. The server, located by the United Kingdom-based security firm Prevx, was a storage site for data stolen from 160,000 computers that had been infected by viruses.

The server remained online for a month after the Internet service provider, and legal authorities, were alerted to its presence. During that time, it continued to steal data from about 5,000 computers daily, which were harvested through the use of viruses that collect and transmit data. A network of such infected computers is known as a botnet.

'Keys to the Castle'

The stolen data found in the server included e-mails, Facebook passwords, Social Security numbers and log-on info for banks. Prevx was able to find and probe the server because of its poor security protection.

Some of the data came from the infected computer of a U.S. community bank, Metro City Bank in Doraville, Ga., which apparently was not well protected. Such lax protection, said Prevx's director of malware research Jacques Erasmus, is like "giving criminals the keys to the castle." Metro City Bank has said that it is notifying customers and looking into the security breach.

Erasmus told news media that getting into a system may not initially result in "the biggest data heist ever," but this is how hackers get into a network, where they can increase their haul. An entry point through a lightly protected computer serves as a beachhead to launch a full-blown invasion.

In addition to relaying data, the botnets can also capture a stream of user activity. For instance, according to the Associated Press, the server in Ukraine had continuing information on a 22-year-old in Southern California, including registration of a domain name with GoDaddy.com, changing of a Yahoo e-mail password, and ordering from Pizza Hut -- along with data used for those transactions, such as his credit card number, birthdate, phone number and other confidential information.

Checking Net Usage

Prevx, which makes anti-botnet protective software, said thousands of PCs are infected every day and become part of botnets -- including computers protected by respected anti-virus and other security suites.

The security firm said that signs of infection include slow performance when doing some minor task, such as checking e-mail or surfing the Web. On a PC, the company recommends, open Task Manager by simultaneously pressing CTRL, ALT, and Delete keys, and then select Network. If the Internet network connection is more than a few percent usage, this could be a sign that extra transmission is going on.

Prevx suggests that the user then obtain a security product from a maker other than your current security suite, since it is obviously not doing a complete job. In addition to its own Prevx Edge, the company suggests products from AVG, Kaspersky, Panda or Sophos. In some cases, professional services may be required to remove the infection.

Security firm Symantec recommends that security software be configured to update automatically, since viruses change frequently. For Windows users, the company suggests that the most recent operating system update be installed, and that browser security settings by increased.