February 23, 2007 – (HOSTSEARCH.COM) – A 'Pharming' attack exploited a flaw in Microsoft software to attack the customers of 50 banks in the US, Europe, and Asia-Pacific, it was reported recently. The attack was very sophisticated as far as pharming attacks are concerned, and a number of providers were forced to shut down websites hosting the malicious code.
Internet users were directed to a website where a vulnerable computer would download a Trojan horse in a file called "iexplorer.exe". This file would then download a further five files from a server in Russia. The attackers built websites that were mirror images of websites owned by the financial institutions they were attacking. If a user of an infected computer visited one of the target banks’ legitimate websites, they were automatically transferred to the relevant mirror site where they would divulge user names and passwords as though they were using their normal accounts.
Servers in Germany, Estonia, and the United Kingdom were recognized as hosting the malicious code. Analysts were not able to confirm exactly how many people had fallen victim to the scam, which took place over a three-day period.
