Russian Gangs Play Hack the Admin

[phernandez]

Why go after end-users when you can ensnare them all in one fell swoop?

Russian Gang Hijacking PCs in Vast Scheme - The New York Times

As part of his investigation, Mr. Stewart charted the rate of computer infections at a state police agency and a large hotel chain. Both were victims of an outbreak that began after the gang obtained the password and login information of their network administrators. In both cases hundreds or thousands of computers were infected within minutes or hours.

Mr. Stewart would not name the organizations because of the continuing law enforcement investigation.

In these examples as well as a range of others, the gang infected a machine belonging to an administrator and then used Microsoft administrative tools to infect all the computers for which that person had responsibility, Mr. Stewart said.

[phishphreek]

Makes perfect sense to me. The admin probably had the ability to disable certain AV signatures on a wide basis too. Seems like it would have been a very efficient hack.

[Cider]

“Many corporations seem to think it’s O.K. to be infected several times a month.”

Oh yes - Try telling a company to jack up their AV or security and it goes in one ear and out the other. Even if they are infected, if they are running at a productive level they couldnt care.

Black Hat Briefings computer security conference that begins Thursday in Las Vegas.

Maybe one of you guys can catch em :P

The new attack is a byproduct of the way modern computer networks are administered, where authority is centralized and software updates for thousands of machines are automated.

So is he saying the old conventional way of each PC having its own admin password is the best security, so if one PC is infected the rest are safe until they are cracked?

Thanks for the article

[ninjafish]

Oh yes - Try telling a company to jack up their AV or security and it goes in one ear and out the other. Even if they are infected, if they are running at a productive level they couldnt care.

I cant tell... sarcasm?

[nihil]

More cynical I would have said, but unfortunately true.

There are numerous organisations that accept malware infections as a matter of course. So long as it does not affect their operations dramatically or drop them into regulatory compliance difficulties. They tacitly allow employees to surf the net, run P2P applications, visit their social networking sites and access their private e-mail accounts.

So is he saying the old conventional way of each PC having its own admin password is the best security, so if one PC is infected the rest are safe until they are cracked?

I don't think so. In those environments there was always a super administrator account. Pretty much the same as compromising the network administrator and central updating mechanism.

There is also bad stuff that crawls over the network with "system" rights?

Part of the issue might be that the nature of malware has changed? These days it is very commercial, criminal and stealthy. If we were still in the days of viruses with malicious payloads and worms that choked your bandwidth bringing whole businesses to a halt, then I think that management attitudes would be rather different.

Another thought is that the way we use computers has changed. We now have thin clients, network applications and web-based applications as commonplace. Basically the more you communicate and the more ways in which you do so, the more doors you leave open.

When I repair or upgrade a machine I routinely scan it for malware, and it is amazing the amount of stuff that I find that the owner just isn't aware of because it doesn't have any noticeable effect on their computer usage........... other than maybe it running a bit slower?