Mass-pharming attack targeting 50 banks is shut down

Fifty financial institutions in Europe, the United States and the Asia-Pacific region were hit with a well crafted pharming attack this week.

In preparation for the attacks, hackers created mock pharming websites for each financial institution they targeted, according to press reports from the IDG News Service.

Researchers from Websense told the wire service that attackers lured victims to a website hosting malicious code that exploited a patched Microsoft vulnerability.

Microsoft patched the flaw last May. The vulnerability requires a user to only visit a website to have his or her PC infected by malware.

In this attack, the malicious website would download a Trojan, known as ieexplorer.exe, which downloads more malware from Russia. The websites then display an error message asking users to shut off firewalls and anti-virus software, according to the reports.

Victimised users are then redirected to the malicious pharming websites that appear similar to legitimate financial websites. Attackers can use the collected personal information for identity fraud, or sell the details to other criminals.
Dan Hubbard, vice president of security research at Websense, told SCMagazine.com today that the attacks were well researched and designed.

"They are very well planned and thought out. Resilient infrastructures, sophisticated malcode and very good back-end control and statistic," he said. "The use of malicious code is growing very fast. This is being used more and more and we believe it will rise in both frequency and sophistication. The attack success percentages are higher also."

ISPs have shut down websites hosting the malicious code in Germany, Estonia and the UK. The attack also installs a bot on infected PCs, according to the report.

Sign up to our newsletters