At the Black Hat conference last week, Joe Stewart of security firm SecureWorks reported on shutting down the main server for Coreflood, a criminal network that grew from a Trojan to become a massive repository of stolen data.
Coreflood was really noticed in 2004, when hackers infected a company with a Trojan and stole money from a US company. After that, however, it appeared to go underground. But earlier this year SecureWorks and Spamhaus shut down one of its servers and discovered 50 GB of stolen data – although SecureWorks says more than four times this amount had been previously harvested and discarded. The data included 3,233 credit card usernames and passwords, 8,485 bank and credit union usernames and passwords – all in all, a total of just under half a million usernames and passwords to over 35,000 domains.
