Hackers slip through enterprise defenses

Buy an ad on DigitalJournal.com

According to Mel Morris, chief executive of British Internet security provider Prevx Ltd., hackers used a computer program, NTOS.exe, to steal information from the U.S. Department of Transportation and several corporations using fake job-listings on ads and e-mail.

The list of victims included several security services companies who should have know better. They include consulting firm Booz Allen, computer services company Unisys Corp., defense contractor L-3 communications, computer maker Hewlett-Packard Co. and satellite network provider Hughes Network Systems. It was not clear whether the hackers used information stolen from the personal computers, Morris said.

NTOS.exe gathered confidential data from PCs, which it then encrypted and sent to a Web site hosted on Yahoo!. That site's owner probably remains unaware that the site has been compromised. The site is believed to host data stolen from more than 1,000 PCs. Morris said that he believes the hackers have set up several "sister" Web sites that are collecting similar data from other squadrons of malware.

The malicious program was able to elude security systems because it was not previously identified as dangerous. And the hackers only targeted a small number of personal computers, keeping kept traffic down and allowing them to stay under the radar of security systems.

"What is most worrying is that this particular sample of malware wasn't recognized by existing antivirus software. It was able to slip through enterprise defenses," said Yankee Group security analyst Andrew Jaquith, who learned of the breach from Morris.

Internet security firms reacted on Monday night by releasing patches to fight the malicious software.