NEWS FROM THE LAB - Friday, September 29, 2006

Reselling stolen information Posted by Mikko @ 11:42 GMT

Haxdoor rootkit-equipped backdoors are widely used - in the "Rechnungen" and "R´┐Żkningen" spam runs in Germany and Sweden for example.
A-311 Death
These changing Haxdoor variants are generated with a toolkit known as "A-311 Death".

The toolkit itself is sold on the Internet by its author, known as "Corpse" or "Korpsov".

Now, people who use such backdoors quickly collect a lot of information from infected computers. Information such as passwords, credit cards, and bank logons. Some of these attackers filter the logs they collect to find juicy information and then use it themselves. Others grep the data for e-mail addresses (to sell them to spammers) and for credit card numbers and bank logins (to sell them to fraudsters).

Then again, others take the easy way out and end up selling the logs as they are, by the megabyte. Here's a screenshot from one forum:

380mb of logs