Eastern European criminal gangs have spent a year exploiting known vulnerabilities in Windows NT to crack open online banking and e-commerce Web sites.
As many as 40 companies have fallen victim to the marauders and more than a million credit cards have been stolen, states the FBI, which has gone public with the information in a bid to prevent further damage.
The FBI says many victims were subjected to sustained intrusions which went undetected for several months.
Its investigations have uncovered several organised hacker groups from Eastern Europe, specifically Russia and the Ukraine, "that have penetrated US e-commerce computer systems by exploiting vulnerabilities in unpatched Microsoft Windows NT operating systems".
Once the hackers gain access, they download proprietary information, customer databases, and credit card information, says the FBI. The hackers subsequently contact the victim company and make a veiled extortion threat by offering Internet security services to patch the system against other intruders.
"They tell the victim that without their services, they cannot guarantee that other hackers will not access the network and post the credit card information and details about the compromise on the Internet," the FBI reports.
Investigators also believe that in some instances the credit card information is being sold to organised crime groups. "There has been evidence that the stolen information is at risk whether or not the victim cooperates with the demands of the intruders," states the FBI.
The FBI's National Infrastructure Protection Centre and Microsoft are instructing companies to check their systems for known weaknesses and download the appropriate fixes. Patches for some of the security holes have been available since 1998, says Microsoft.
The most common vulnerabilities involve unauthorised access to IIS servers through Open Database Connectivity (ODBC), SQL query abuse, a registry permissions bug and a Web server file parsing flaw.
The FBI is also warning companies to beware the following filenames, which may indicate that a system has been compromised: