The Hartford Servers Infected with Password-Stealing Malware
(April 6 & 7, 2011)
The Hartford insurance company has notified approximately 300 employees,
contractors and customers of a security breach in which attackers
managed to install password-stealing malware known as Qakbot on some of
the company's servers. The attack was discovered in February 2011;
fewer than 19 customers were affected. The Hartford sent letters to
people who had logged in to an infected server between February 22 and
28, 2011.
The press loves big numbers, so incidents
like the Epsilon compromise get lots of attention. But there are huge
numbers of compromises like this one happening that are much more
targeted and often actually more damaging than many of the large scale
attacks because they go undetected longer. Qakbot had some really
sophisticated variants that actually only forward targeted credentials
out to command and control/drop sites, reducing its "noise" level even
more
(April 6 & 7, 2011)
The Hartford insurance company has notified approximately 300 employees,
contractors and customers of a security breach in which attackers
managed to install password-stealing malware known as Qakbot on some of
the company's servers. The attack was discovered in February 2011;
fewer than 19 customers were affected. The Hartford sent letters to
people who had logged in to an infected server between February 22 and
28, 2011.
The press loves big numbers, so incidents
like the Epsilon compromise get lots of attention. But there are huge
numbers of compromises like this one happening that are much more
targeted and often actually more damaging than many of the large scale
attacks because they go undetected longer. Qakbot had some really
sophisticated variants that actually only forward targeted credentials
out to command and control/drop sites, reducing its "noise" level even
more
