A security researcher has discovered a criminal database
containing access details for 200,000 servers worldwide belonging
to organisations including the BBC in the UK.
The database was being used by at least two e-crime groups in
Europe and one in the US to infiltrate company and organisation
servers in 86 countries.
The access details were harvested from visitors to
legitimate websites that had been infiltrated using the
Neosploit 3.1 hacker toolkit.
Malware is transferred to the visitors' computers, and when they
access IT systems within their organisation, the access details are
captured and sent to the criminal database.
Ian Amit, director of security research at Israel-based Aladdin
Knowledge Systems, told Computer Weekly that around 107,000 of the
200,000 records had been validated.
UK organisations accounted for 900 of the validated credentials
found on the database, including the BBC, which was among those
notified of the threat last week.
Amit said of those 900 validated UK records, 600 had been used
to infiltrate legitimate websites hosted in the UK as well as about
82,000 other websites around the world.
All affected websites and important organisations listed on the
criminal database have been notified by a task group set up by the
internet security organisation, CERT.
However, Amit said it would still take some time to notify all
the owners of all 200,000 records found on the database.