What do they use? The Coreflood Trojan horse to infect massive numbers of PCs that gathers confidential information, including bank account numbers and passwords.

The Russian hacker group is at it again using a Microsoft administration tool to steal passwords. This is not new as they have been doing this for years.

A sampling of 11% of the stolen accounts found in one directory on the groups command-and-control server found more than a quarter-million dollars at risk, said Joe Stewart, director of malware research at Atlanta-based SecureWorks Inc.

In his most recent findings, Stewart spelled out how much money the group has had access to, as well as the number of users whose information was hijacked. As before, Stewart culled the information from a Coreflood command-and-control server he had helped shut down earlier this year.

Among the mountains of evidence on the server were the results of automated scripts that checked the validity of bank accounts and in the process obtained the account balances. Of the 79 accounts the cyber crooks tested — from among 740 stolen accounts on file in a single directory — the highest balance was US$147,000, while the averages were $4,553 for each savings account and $2,096 for each checking account.

Tips:

Don’t store passwords on your PC

Don’t have your browser remember passwords

Safe surfing!