Application security, Patch/Configuration Management, Vulnerability Management

Mass-pharming attack targeting 50 banks is shut down

Fifty financial institutions in the United States, Europe and the Asia-Pacific region were hit with a well crafted pharming attack this week.

In preparation for the attacks, hackers created mock pharming websites for each financial institution they targeted, according to press reports from the IDG News Service.

Researchers from Websense told the wire service that attackers lured victims to a website hosting malicious code that exploited a patched Microsoft vulnerability.

Microsoft patched the flaw last May. The vulnerability requires a user to only visit a website to have his or her PC infected by malware.

In this attack, the malicious website would download a trojan known as ieexplorer.exe, which downloads more malware from Russia. The websites then display an error message asking users to shut off firewalls and anti-virus software, according to the reports.

Victimized users are then redirected to the malicious pharming websites that appear similar to legitimate financial websites. Attackers can use the collected personal information for identity fraud, or sell the details to other criminals.

Dan Hubbard, vice president of security research at Websense, told today that the attacks were well researched and designed.

"They are very well planned and thought out. Resilient infrastructures, sophisticated malcode and very good back-end control and statistic," he said. "The use of malicious code is growing very fast. This is being used more and more and we believe it will rise in both frequency and sophistication. The attack success percentages are higher also."

ISPs have shut down websites hosting the malicious code in Germany, Estonia and the United Kingdom. The attack also installs a bot on infected PCs, according to the report.

Click here to email Online Editor Frank Washkuch Jr.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.