Coordinated Attacks Were Behind CheckFree Breach
Monday, December 22, 2008
The cybercriminals who breached the CheckFree bill paying service used a combination attack that may be almost impossible to stop.
Visitors to the CheckFree site were redirected without their knowledge to a server in the Ukraine, where malware was automatically downloaded onto their PCs, Amit Klein told InternetNews.com. Klein is chief technology officer at Trusteer, which protects desktops from malware and fraudulent Web sites.
"The fact that it's so easy to get hold of critical or enterprise assets such as credentials for a corporation's DNS domain, Web servers, or firewall, is troubling," Klein said. "Each credential lets you manage critical assets and makes it possible for attackers to control enough parts of your infrastructure to cause a mass infection of your own customers."
The worst part is that so far, no one seems to know just what the malware does once it is installed on the victim's computer. Stephan Chenette, manager of security research at Web filtering solution provider Websense, thinks it might be a password-stealing Trojan.
Eventually enterprises may end up becoming the means for infecting a large portion of Internet users, Klein said. A similar attack compromised two Business Week sites earlier this year.
The CheckFree breach is especially troubling because its domain name host, Network Solutions, hosts the majority of financial institutions' Web sites, Klein said.
Fiserv, the parent company of CheckFree, one of the largest online bill processors in the U.S., and Network Solutions, CheckFree's domain name registrar, had not responded to requests for comment by press time.
Trusteer's Klein said the attackers combined three techniques: phishing to get the system administrator information needed to hijack the CheckFree site, pharming to remap the CheckFree site to the server in the Ukraine, and a drive-by malware injection into the PCs of all visitors to the site.




