Last week I blogged about the hacking of Circuit City's customer support forum. They've now patched the security hole that allowed the forum to be hacked with iframes leading to sites downloading the Galapoper trojan, used to send spam. I mentioned the sites in the iframe links used to distribute the trojan, as written up at SANS. In the follow-up article by Brian Krebs, he quotes Eric Sites from Sunbelt Software on the group behind these attacks:
Eric Sites, vice president of research and development for Sunbelt Software, an anti-spyware company based in Clearwater, Fla., said the attack appears to have originated at a Russian Web site, which is believed to be part of a larger online organized-crime ring that operates out of Eastern Europe. The ring, he said, traffics in spam, fake anti-spyware programs, and invasive applications designed to steal passwords and bank account information from computers.
"Most of these guys are just trying to make a buck any way possible and don't care how they do it," he said.
Sites' company, which has been tracking the crime ring's work for more than a year, believes it has used viruses to steal sensitive account information from tens of thousands of people around the globe.
This crime ring needs to be stopped.