Russian Team Blamed For Last Week's Hack Attack

F-Secure's analysis of the Padador/Qukart code discovered a "copyright" message in the first seven variants. According to the Finnish security firm, the Trojan contain the phrase "Padonok coded by HangUP Team."

('Padonok' is a known HangUP project name, and is a misspelling of the Russian word 'podonok, which means 'scum,' said F-Secure.)

Later versions of the Trojan included only the word "Padonok" embedded in their code.

"Unless they provided their Padodor source code to someone else (which is doubtful), they are responsible for the latest Padodor/Qukart incidents," said F-Secure in a statement.

The Trojan horse, which was surreptitiously downloaded to machines running Internet Explorer from infected Internet Information Services (IIS) servers last week, watched for log in information for prominent sites such as PayPal, eBay, EarthLink, and Yahoo, then attempted to steal confidential financial information such as credit card numbers with a phishing-style scam.

The attack was stymied a week ago when the hacker site delivering the Padador Trojan, and other malicious components, was taken offline.

On Friday, Microsoft posted a stop-gap measure for preventing future attacks from exploiting the unpatched vulnerability in Internet Explorer which was among the causes of last week's Web infection. A formal security patch, however, has not yet been released.

Copyright © 2002 The Associated Press. All rights reserved. The information contained in the AP News report may not be published, broadcast, rewritten or redistributed without the prior written authority of The Associated Press.