Hackers steal information from several companies known for providing security services to government agencies.
Hackers stole information from the Department of Transportation and several U.S. corporations by seducing employees with fake job-listings on ads and e-mail, a computer security firm said Monday.
The list of victims included several companies known for providing security services to government agencies.
They include consulting firm Booz Allen, computer services company Unisys, computer maker Hewlett-Packard, and satellite network provider Hughes Network Systems, a unit of Hughes Communications, said Mel Morris, chief executive of British Internet security provider Prevx.
Hewlett-Packard declined comment,while officials with other companies couldn't be reached for comment. A Department of Transportation representative said the agency couldn't find any indication of a security breach.
Malicious programs were able to pass sophisticated security systems undetected because that software hadn't been instructed that they were dangerous. Hackers only targeted a limited group of personal computers, which kept traffic down and allowed them to stay under the radar of security police who tend to identify threats when activity reaches a certain level.
"What is most worrying is that this particular sample of malware wasn't recognized by existing antivirus software. It was able to slip through enterprise defenses," said Yankee Group security analyst Andrew Jaquith, who learned of the breach from Mr. Morris.
It was not clear whether the hackers used information stolen from the personal computers, Mr. Morris said.
On Monday night, Internet security firms began to release patches to fight the malicious software.
Trend Micro,f or example, has sent its customers software that prevents the malware from being installed on computers. It also blocks browsers from going to Web sites that the company has identified as being infected with the dangerous programs, said company spokesman Mike Haro.