[The code] is almost verbatim with what we saw in early August used in an Iraqi news scam. |
Although the ability [of these exploits] to spread is mitigated by the fact that they're all Web based so far, the potential for a more widespread attack is there. |
And this is just one site. Together, these sites have compromised tens if not hundreds of thousands of systems. |
Five years ago we set a goal of having $1 trillion in assets under management by the year 2005. We've reached that goal four years ahead of schedule. When we sat that goal, we had $125 billion in customer assets. |
He's working as hard or harder than I've ever seen him. |
In recent years with the airline restructuring, we think there is less disparity at the top of the pay scale. |
It puts a bunch of code on a site that not only detects what browser the victim is running, but then selects one of seven different vulnerabilities to exploit, depending on how well patched the browser is. |
It's a huge pool of potential victims. Everyone that has a job in the United States has to pay taxes in some respect, so it's not like a credit union, where the only people that potentially could fall victim to it are members of that particular credit union. |
One of the unique things about this Trojan is that it appears to be using a toolkit called Yoda that allows the author to create pseudo-polymorphic code. It's a way to thwart anti-virus signatures. |
Sober has been mitigated pretty well. I would be really surprised if there's still a problem. I don't see it being a big issue. |
The combination of having a large pool of potential users to target and the timeliness of the current event could lead to high numbers of both consumer and corporate victims. |
The sheer percentage of sites that are compromised versus owned by the attacker is higher than usual. |
The site is performing very, very nicely. We're constantly trying to put ourselves in a position where we can handle expanded volume. |
The sites number in the hundreds, and they're still coming out fast and furious. The potential for a major outbreak is there. There's no patch from Microsoft, and there are a number of kits online that allow easy exploit building. |
The use of multiple vulnerabilities isn't commonplace. But this [toolkit] shows how hackers are becoming more and more organized. |