>
> http://www.smh.com.au/articles/2003/06/10/1055010959747.html
>
> Washington
> June 10 2003
>
> The US government is warning financial institutions about a virus-like
> infection that has targeted computers at roughly 1200 banks worldwide,
> trying to steal corporate passwords.
>
> The FBI is investigating what private security experts believe to be
> the first internet attack aimed primarily at a single economic sector.
>
> Virus experts studying the blueprints for the latest threat to
> internet users were astonished to find inside the software code a list
> of roughly 1200 web addresses for many of the world's largest
> financial institutions, including JP Morgan Chase & Co, American
> Express Co, Wachovia Corp, Bank of America Corp and Citibank NA.
>
> The destructive infection, known as "BugBear.B," has spread to tens of
> thousands of consumer computers across the internet since last week,
> but investigators and industry experts said they were unaware if any
> financial institutions had been significantly affected.
>
> Industry executives told US Treasury Department officials and other
> banking regulators during a meeting in Washington yesterday that while
> they were concerned that the infection targeted them, they were
> unaffected because of tight corporate security.
>
> The infection "was hammering the outside servers but it was being
> rejected," said Suzanne Gorman, head of the Financial Services
> Information Sharing and Analysis Centre, a bank cybersecurity
> organisation that works with the US government.
>
> "People weren't reporting that it got through to their personal
> organisations."
>
> The analysis centre had distributed information from the Homeland
> Security Department to US banks using its highest-priority alert on
> Thursday, Gorman said. The discovery of the banking web addresses
> inside the software code "raised a lot of eyebrows," she said.
>
> FBI spokesman Bill Murray confirmed the agency was trying to trace the
> author of the attacking software.
>
> Experts said the BugBear software was programmed to determine whether
> a victim used an email address that belonged to any of the 1300
> financial institutions listed in its blueprints.
>
> If a match was made, it tried to steal passwords and other information
> that would make it easier for hackers to break into a bank's networks.
>
> The software transmitted stolen passwords to 10 email addresses, which
> also were included in the blueprints. But experts said that on the
> internet, where anyone can easily open a free email account using a
> false name, knowing those addresses might not lead detectives to the
> culprit.
>
> "Depending on how those email boxes are used, it could make
> investigating this a little easier," Murray said.
>
> "But it's not that easy. Those addresses may be blind boxes."
>