
August 6, 2008
Russian Gang Hijacking PCs in Vast Scheme
By JOHN MARKOFF
A criminal gang is using software tools normally reserved for computer network administrators to infect thousands of PCs in corporate and government networks with programs that steal passwords and other information, a security researcher has found.

The new form of attack indicates that little progress has been made in defusing the threat of botnets, networks of infected computers that criminals use to send spam, steal passwords and do other forms of damage, according to computer security investigators.

Several security experts say that although attacks against network administrators are not new, the systematic use of administrative software to spread malicious software has not been widely seen until now.

The gang was identified publicly in May by Joe Stewart, director of malware research at SecureWorks, a computer security firm in Atlanta. Mr. Stewart, who has determined that the gang is based in Russia, was able to locate a central program controlling as many as 100,000 infected computers across the Internet. The program was running at a commercial Internet hosting computer center in Wisconsin.

Mr. Stewart alerted a federal law enforcement agency that he declined to identify, and he said that it was investigating the matter. Although the original command program was shut down, the gang immediately reconstituted the system, he said, moving the control program to another computer in the Ukraine, beyond the reach of law enforcement in the United States.

The system infects PCs with a program known as Coreflood that records keystrokes and steals other information. The network of infected computers collected as much as 500 gigabytes of data in a little more than a year and sent it back to the Wisconsin computer center, Mr. Stewart said.

One of the unique aspects of the malicious software is that it captures screen information in addition to passwords, according to Mark Seiden, a veteran computer security engineer. That makes it possible for gang members to see information like bank balances without having to log in to stolen accounts.

Mr. Stewart’s discoveries are evidence that while the botnet problem is now well understood, botnets are still a widespread threat.

“The rate of infection is still high, but concern among corporations is low,”