Bank information of thousands sent to Russian hackers

Local News

Guest Book

November 7, 2008

By J OSBORNE, Editor The Daily Register Fri Nov 07, 2008, 10:11 AM CST

A University of Alabama (UAB) blog, CyberCrime & Doing Time, reports that a new Computer Virus which masquerades as Obama Acceptance Speech Video is making the rounds.

This virus downloads passwords to bank accounts and credit cards and any other hidden information stored on your computer.

The site reads, “Less than twelve hours after President-Elect Obama’s historic acceptance speech, computer criminals have already crafted a malware attack based on the speech. The UAB Spam Data Mine has observed more than 300 spam messages which invite email readers to view the speech with a spam message to entice readers into going to the site to listen to Obama’s acceptance speech.

The originator of the e-mail appears to be a major news outlet such as news@cnn.com, news@usatoday.com or news@bbc.com among the hundreds of pseudo sites the e-mail uses.

There are, according to the UAB blog, only five different websites which are used to host the fake website.

The spam message sends users to the page “president.htm” which claims that you need a new Adobe_flash9.exe player in order to view the video.

The virus has been reported to VirusTotal.com, where it was first reported at about 5:24 p.m. Nov. 5.

Currently 14 of 36 anti-virus products represented at VirusTotal have detection for this version of the malware, which is a keylogger in a family sometimes called “SnifULA.”

Student Malware Analysts in the UAB Computer Forensics department have analyzed the malware and indicate that the stolen login credentials are being sent to the Ukraine. The virus steals userids and passwords, and posts them to this IP address:

The Adobe_flash9.exe of course is not the Adobe file. It is a malware which downloads a rootkit into the user’s computer and then sends vital data to multiple command and control servers.

It was also noted that the malware:

• Contains rootkit technology to conceal itself

• Is designed to steal information from an infected computer

• Also has general “backdoor” functionality — which means the hackers may get back into your computer at any time without your knowledge.

• Spies on user’s keyboard and mouse inputs and can take screenshots and e-mail them to the originator

• Looks for passwords

It submits the information it needs to a Web server located in Kiev, Ukraine.

What this means is that the data goes into cyberspace and the hackers can remotely control your computer. This is particularly critical if e-banking transactions have been carried out, since this data is now available to the hacker. Attackers used the names of well known publications in the email subject line to encourage users to click on the links. They used several variations of malicious lures mainly containing videos.

As always, we recommend that you do not follow links received in email, but rather type the name of a reputable news website in your browser if you would like to see the news.

Posted by UAB’s Director of Research in Computer Forensics at 9:41 AM

Text Only

Local News

Gainesville PD joins 'Click It or Ticket' campaign
The 2012 national “Click It or Ticket” seat belt enforcement
mobilization began Monday to help save lives by cracking down on those
who don’t buckle up.

May 24, 2012
Don't let food poisoning ruin your holiday
As with all holiday feasts, Memorial Day cookouts may carry a
heightened risk of food poisoning, depending on the “hows and whats”
of the meal.

May 24, 2012 1 Photo
Education Award Winners
Staff photo by Greg Russell
Gainesville Daily Register Publisher Jim Perry (left) and Assistant
Editor Delania Trigg display awards recently granted to the newspaper
for coverage of education. Perry holds a “Community Member
Recognition” award, granted by Gainesville Independent School
District; and Trigg holds a “School Bell Award,” presented by the
Texas Retired School Personnel Association.

May 24, 2012 1 Photo
Gainesville PD joins 'Click It or Ticket' campaign
The 2012 national “Click It or Ticket” seat belt enforcement
mobilization began Monday to help save lives by cracking down on those
who don’t buckle up.

May 24, 2012
Tallying continues in Gainesville hospital board election
The tallying continues for administrators of the May 12 Gainesville
Hospital District election — who have scheduled a recount for 2:30
p.m. today in the North Texas Medical Center boardroom.

May 23, 2012
Hirings and kind words fill GISD board meeting
Hirings and commendations highlighted Monday’s regular Gainesville ISD
Board of Trustees meeting.

May 23, 2012 1 Photo
Additional Cooke County sentencings released
Jeremiah Johnson Jarvis, convicted of aggravated assault with a deadly
weapon, was sentenced to seven years probation and fined $1,500, plus
$253 in court costs.

May 22, 2012
Letter carriers collect tons of food for VISTO
A Cooke County benefit organization currently has another several
thousand pounds of food to spread among families in need, thanks to
collection efforts by the Gainesville Post Office.

May 22, 2012
'Pink ladies' now seeing red at medical center
For the first time in their history, North Texas Medical Center
Auxiliary members are wearing red.

May 22, 2012 1 Photo
Eclipse over Lake Ray Roberts
Sunday evening’s partial annular eclipse of the sun is shown here as
seen from the Lake Ray Roberts shore during sunset.

May 22, 2012 1 Photo
More Local News Headlines

Who do you think will win the Republican nomination for President?

Local News

Search Results

Guest Book

Bank information of thousands sent to Russian hackers

Who do you think will win the Republican nomination for President?

Site Map

Contact Us