Windows servers hacked at The Hartford insurance company

[security curmudgeon <jericho () attrition org>]

---------- Forwarded message ----------
From: InfoSec News <alerts () infosecnews org>

http://www.computerworld.com/s/article/9215582/Windows_servers_hacked_at_The_Hartford_insurance_company

By Robert McMillan
IDG News Service
April 6, 2011

Hackers have broken into The Hartford insurance company and installed 
password-stealing programs on several of the company's Windows servers.

In a warning letter sent last month to about 300 employees, contractors, 
and a handful of customers, the company said it discovered the infection 
in late February. Several servers were hit, including Citrix servers used 
by employees for remote access to IT systems. A copy of The Hartford's 
letter was posted earlier this week to the website of the Office of the 
New Hampshire Attorney General.

"It was a very small incident," said Debora Raymond, a company 
spokeswoman. The victims were mostly company employees. Less than 10 
customers were affected by the malware, the W32-Qakbot Trojan, she said.

Qakbot has been around for about two years. Once installed it spreads from 
computer to computer in the network, taking steps to cover its tracks as 
it logs sensitive data and opens up back doors for the hackers to access 
the network.

[..]

Despite the presence of keylogging software, the insurance company's 
lawyer, Debra Hampson, said that her company has "no reason to believe 
that any information has been or will be misused." Victims are being given 
two years' free credit monitoring.

[..]
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Learn encryption strategies that manage risk and shore up compliance.
Download Article 1 of CREDANT Technologies' The Essentials Series:
Endpoint Data Encryption That Actually Works
http://credant.com/campaigns/realtime2/gap-LP1/