Finjan unveils business and personal data found in unique log files hosted unprotected on a Crimeserver running a Command & Control Application
Finjan, a provider of secure web gateway products, announced its discovery of a server controlled by hackers (Crimeserver) containing more than 1.4 Gigabyte of business and personal data stolen from infected PCs. The data consisted of 5,388 unique log files. Both email communications and web-related data were among them.
The compromised data came from all around the world and contained information from individuals, businesses, as well as renowned organizations, including healthcare providers.
To illustrate the scope; the server contained among others 571 log files from the US, 621 from Germany (DE), 322 from France (FR), 308 from India (IN), 232 from Great Britain (GB), 150 from Spain (ES), 86 from Canada (CA), 58 from Italy (IT), 46 from the Netherlands (NL), and 1,037 from Turkey (TR).
Due to the sheer impact, Finjan followed its company guidelines and promptly notified over 40 major international financial institutions located in the US, Europe and India whose customers were compromised as well as various law enforcements around the world.
Finjan’s Malicious Code Research Center (MCRC) detected a Crimeserver which was used as a command and control for the Crimeware that was executed on infected PCs. This Crimeserver was also used as the “drop site” for private information being harvested by that Crimeware.
The Command & Control applications on this Crimeserver enabled the hacker to manage the actions and performance of his Crimeware, giving him control over the uses of the Crimeware as well as its victims.
“This report provides a unique example of the type and amount of data today’s cybercriminals are collecting. Crimeware infected PCs are a serious business problem that requires proactive action since it is no longer just a technical IT problem.The existence of large amount of data on a server that hackers can easily manage and control shows the rapid evolution of cybercrime,” said Yuval Ben-Itzhak, CTO of Finjan. “We entered a new era in which criminals just need to log into their “data supplier” and download any information suitable for them to conduct their crime – being it financial fraud, industrial espionage or identity theft.”