BreachExchange mailing list archives
Re: [Dataloss] Windows servers hacked at The Hartford insurance company
From: Jeffrey Walton <noloader () gmail com>
Date: Thu, 7 Apr 2011 05:17:55 -0400
W32.Qakbot spreads by exploiting vulnerabilities when a user visits certain Web pages. Exploit code hosted at these remote locations downloads the threat on to the compromised computer. Many of the infections are aided by users unwittingly clicking on malicious links... The worm also spreads through network shares by copying itself to shared folders when instructed to by a remote attacker. (http://www.symantec.com/security_response/writeup.jsp?docid=2009-050707-0639-99)

I wonder if this is a new variant, or if The Hartford was not running AV on their servers or workstations.

On Thu, Apr 7, 2011 at 4:05 AM, security curmudgeon <jericho () attrition org> wrote:
---------- Forwarded message ----------
From: InfoSec News <alerts () infosecnews org>

http://www.computerworld.com/s/article/9215582/Windows_servers_hacked_at_The_Hartford_insurance_company

By Robert McMillan
IDG News Service
April 6, 2011

Hackers have broken into The Hartford insurance company and installed password-stealing programs on several of the company's Windows servers.

In a warning letter sent last month to about 300 employees, contractors, and a handful of customers, the company said it discovered the infection in late February. Several servers were hit, including Citrix servers used by employees for remote access to IT systems.

A copy of The Hartford's letter was posted earlier this week to the website of the Office of the New Hampshire Attorney General.

"It was a very small incident," said Debora Raymond, a company spokeswoman. The victims were mostly company employees. Less than 10 customers were affected by the malware, the W32-Qakbot Trojan, she said.

Qakbot has been around for about two years. Once installed it spreads from computer to computer in the network, taking steps to cover its tracks as it logs sensitive data and opens up back doors for the hackers to access the network.

[..]

Despite the presence of keylogging software, the insurance company's lawyer, Debra Hampson, said that her company has "no reason to believe that any information has been or will be misused." Victims are being given two years' free credit monitoring.

[..]

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Learn encryption strategies that manage risk and shore up compliance. Download Article 1 of CREDANT Technologies' The Essentials Series: Endpoint Data Encryption That Actually Works
http://credant.com/campaigns/realtime2/gap-LP1/
Current thread:
- Windows servers hacked at The Hartford insurance company security curmudgeon (Apr 07)
- Re: [Dataloss] Windows servers hacked at The Hartford insurance company Jeffrey Walton (Apr 07)