Hackers behind the Coreflood Trojan virus used administrator computers to reach hundreds of thousands of computers on their respective networks, with Microsoft’s PsExec program a vital program in the infections. The infections have led to the loss of banking account usernames and passwords as well as other sensitive financial information. Hackers trick administrators into downloading malicious software. Once the administrator log into the computer again and runs PsExec, the malware attempts to infect the computers associated with the networks, unknowingly giving away their passwords and, consequently, the power to reach thousands of
The viruses primarily affect large corporations where administrators have access to thousands of accounts, but according to online security company SecureWorks, universities, law firms, and hospitals are among the Trojan victims.
According to Joe Stewart, director of malware research at SecureWorks, the Coreflood Trojan virus has given hackers a 50GB database of such private and powerful information.
The security company states that within the last year and a half, hackers have obtained access to over 378,000 computers through administrator computers.
Ironically, what was once a boundary to the malware producers is their gateway to hundreds of thousands of usernames and passwords that make them privy to millions of dollars.
Since August 2004, when Microsoft began shipping its Windows XP Service Pack 2 that includes the administrator software PsExec, hackers have had a tougher time infecting this number of computers.
Though PsExec has been used to spread viruses, it has not been used through the administrator to reach the thousands of computers like the most recent attacks.