Friday, April 8, 2011

Hartford Servers Compromised

The Hartford Servers Infected with Password-Stealing Malware

(April 6 & 7, 2011)

The Hartford insurance company has notified approximately 300 employees,

contractors and customers of a security breach in which attackers

managed to install password-stealing malware known as Qakbot on some of

the company's servers.  The attack was discovered in February 2011;

fewer than 19 customers were affected.  The Hartford sent letters to

people who had logged in to an infected server between February 22 and

28, 2011.

The press loves big numbers, so incidents

like the Epsilon compromise get lots of attention. But there are huge

numbers of compromises like this one happening that are much more

targeted and often actually more damaging than many of the large scale

attacks because they go undetected longer. Qakbot had some really

sophisticated variants that actually only forward targeted credentials

out to command and control/drop sites, reducing its "noise" level even