RSS Archive Contact Us Advertise

IT Management Begins With Security
SecurityProNews > Insider Reports > Insider > Vermont Victimized By Virus
Search:
[ insider_reports_insider ]

Vermont Victimized By Virus



David Utter
Staff Writer
2007-01-30

SecurityProNews: Insider Reports Insider Reports RSS Feed


A bot attack against a state computer in Vermont may have yielded information on 70,000 people to the criminals responsible for the intrusion.

Vermont Victimized By Virus
Vermont Victimized By Virus

Financial and personal information exposed in December 2006 to the attack belonged to some 12,000 people the state listed as being three months or more behind on child support payments. But the additional 58,800 names that came from New England Federal Credit Union included people who were not part of that program.

That data from the credit union was a couple of years old, and the Rutland Herald reported it should not have been retained on the Agency of Human Services server as it was.

It is not known if any of the data has been misused, according to one state official cited in the report. They will begin notifying people impacted by the breach to let them know what has happened.

As to how it happened, WCAX-TV said it was an automated attack that found a way into the system:

"It wasn't a targeted malicious attack, but it did exploit one of the vulnerabilities in the system and through the course of our investigations we felt we need to let people know their information may have been exposed," says Tom Murray, Vt. Chief Information Officer.
Details of the attack and of the server have not been revealed. The Agency said the server in use has been taken offline. The current Agency website runs on Windows Server 2003, according to Netcraft, and other state.vt.us sites also run on Windows.

If a vulnerability was exploited, that means the attack either hit a previously undisclosed, zero-day issue, or that a known issue was not patched in a timely fashion. Should the latter scenario be the true one, there will probably be repercussions for the administrators after the forensic investigation has been completed.

---
Tag:

Add to Del.icio.us | Digg | Reddit | Furl

Get all the updates -




About the Author:
David Utter is a business and technology writer for SecurityProNews and WebProNews.

More insider_reports_insider Articles

SecurityProNews: Insider Reports Insider Reports RSS Feed

Get Your Site Submitted for Free in the World's Largest B2B Directory!

Email Address:
* URL:
*
*Indicates Mandatory Field

Terms & Conditions

iEntry Featured Services: Jayde Member Services | Forums | Freeware | Advertise with Us

Contact Us | Advertise | Newsletter Archive | Sitemap | Submit an Article | News Feeds
SecurityProNews is an iEntry, Inc.® publication - 1998-2008 All Rights Reserved | Privacy Policy and Legal		 Join the WebProWorld Forums: Click Here
Virus Warnings

Subscribe to
SecurityProNews FREE!


[ more newsletters ]

Featured On:
article resources
Search Articles:
[advanced search]

WebProWorld.com
Get in-touch with industry experts and leaders
Post your site for review by expert and peers
Ask Security, IT, Development and Design questions

Free Membership: Join Now!

Visit WebProWorld.com

Titan Quest Forum
The #1 Titan Quest forum
Halo 3 Forum
The best Halo, Halo 2, Halo 3 forum
Nintendo Wii
Nintendo Wii news and views
Mac Software
The best in OS X freeware
Graphics Forum
Your source for graphic tutorials
SecurityProNews.com | Breaking eBusiness News Get Your IT Questions Answered - Click Here SecurityProNews News Feeds