Most Web Users Safe As Major Net Attack Slows To Keyboard Logging: Page 2 of 5

"This [attack] is only in the early stages," said Dunham, "and the IP address [for the Russian site] could easily be changed in future variants. Even as these hacker sites rise up and fall down, we still have the attack issue to deal with."

More attacks are probably in the offing because of the group behind the attack. "It looks like the HangUP Team out of Russia is doing this," he said. F-Secure, a Finnish anti-virus firm that's been aggressively analyzing the attack, also pegged HangUP as the most likely culprit.

HangUP, a for-profit malicious code-cutting group out of Russia, developed the backdoor Trojan horses that were uploaded to client systems exploited by Friday's attack. Those Trojans "are designed to steal credit card and other information that is then marketed to organized identity theft markets," said Dunham.

Dunham and others expect additional attacks because of HangUP's past practice with the Korgo worm, which the group is also suspected of writing. Korgo, now in its eighteenth variation, exploits the LSASS vulnerability in Windows, which was made public several months ago.

"It's highly likely that we'll see additional attacks, if, in fact, HangUP is behind this, because of the number of Korgo variants it's put out," said Dunham.