"Tolley wouldn't say what banks were affected by the hack, but the majority of these five million customers were CheckFree's own users, she said. In total, about 42 million customers access CheckFree's bill payment site, she said.
Customers who went to CheckFree's Web sites between 12:35 a.m. and 10:10 a.m. on the morning of the attack were redirected to a Ukrainian Web server that used malicious software to try and install a password-stealing program on the victim's computer.
The criminals were able to take control of several CheckFree Web domains after logging into the company's Internet domain registrar, Network Solutions, and changing the CheckFree DNS (Domain Name System) settings. This same technique was used by hackers one year ago, to take control of Comcast's Web site. It is not clear how the attackers were able to get CheckFree's Network Solutions password, but some security experts believe that CheckFree may have fallen prey to a phishing attack.
Looking at typical Web site traffic patterns, Fiserv guesses that about 160,000 consumers were exposed to the Ukrainian attack site, but not all of these customers would have been infected. For the attack to work, the victim would have to be a PC user without antivirus software who was also using an out-of-date-version of Adobe Acrobat. Because of these conditions, Fiserv believes that "a very small number" of people were affected, Tolley said."