Targeted Attack Steals Confidential Data from Government and Contractors in Transportation Sector
A password-stealing program used against government agencies and contractors in the transportation sector netted hundreds of megabytes of password data. The information available at this point indicates a clearly coordinated attack, which (a) makes one ask why the transportation sector was chosen and (b) makes clear the capabilities of cybercriminals when it comes to stealing highly distributed information. In Government, contractors hit in targeted attack, NetworkWorld reports:
Computers belonging to the U.S. government, contractors and companies in the transportation industry were hit by a targeted computer attack in July that yielded password information for hundreds of Internet and intranet Web sites, a computer security vendor [Prevx] said Tuesday.
Prevx engineers traced the IP addresses, and the concentration in the transportation sector was too high to be a coincidence:
"When we reverse-engineered the IP addresses of those computers, we couldn't believe that this was a daisy chain that led to government-associated sites and to other defense contractors, and to American Airlines," Morris said. "This was a very highly targeted attack."
The Trojan uses RSA-4096 to encrypt user data and displays a message like:
"Hello, your files are encrypted with RSA-4096 algorithm (http://en.wikipedia.org/wiki/RSA). You will need at least few years to decrypt these files without our software. All your private information for last 3 months were collected and sent to us. To decrypt your files you need to buy our software. The price is $300. To buy our software please contact us at: tristanniglam@gmail.com and provide us your personal code -xxxxxxxxx. After successful purchase we will send your decrypting tool, and your private information will be deleted from our system. If you will not contact us until 07/15/2007 your private information will be shared and you will lost all your data -- Glamorous team."
If the attackers wanted just money, why the focus on one industry? That doesn't make sense. Confidential data was the real target of this attack.