:: Deepquest ::

Internet security company NetWitness has just published a report that reveals an 18-month-long widespread hacker attack on computers worldwide whose topmost method of malware delivery was Facebook. However, while over 3500 Facebook login credentials were stolen, that’s a very tiny percentage given there are over 400 million users of this social media site. Yahoo and Hi5 came in 2nd and 3rd, respectively, for stolen credentials.

A NetWitness engineer found evidence of the hacker operation in late January 2010, while installing security software for a company. Additional evidence suggests that an Eastern European criminal group is possibly behind the attack, and used both German and Chinese computers – the latter because of the ease of operation and reduced chance of detection. As many as 68,000 login credentials — for online banking, social networking sites and email — were stolen from over 2,400 companies and government agencies. The effort likely exposed personal and corporate data and secrets, including credit card transaction info and intellectual property. American companies whose computers were attacked span a range of industries, including entertainment, technology, finance, energy, Internet providers, and education. There’s currently no indication of how much data was stolen or how it was used.

Initially, it’s believed that hackers in Germany started the operation in late 2008 by fooling employees of one organization into clicking on links via contaminated websites, email attachments or “virus cleaning” ads. Part of the also effort involved fooling government officials into installing spyware. Computers at as many as 10 U.S. government agencies were compromised, and even one soldier’s login info was stolen. At least one online credit card payments processing server was accessed. In one case, an employee was involved in allowing hackers to gain access to corporate servers.

After people clicked links, spyware known as ZeuS would be installed onto computers. ZeuS is a “Trojan horse” application that is available to hackers online in both free and paid forms, and works in the Firefox web browser. It’s a common tool for perpetrating malware infections. Despite expert opinions to the contrary, ZeuS appears to be used for more than just stealing online banking information. This was determined by NetWitness when they realized that many (over 50%) of infected computers also had “botnet” software installed, namely one known as Waledac. Breached computers become part of a botnet, and regular antivirus software usually does not detect the intrusion. They turn into “zombie” computers that can be controlled remotely and send sensitive information to hackers on a scheduled basis.