|
|
|
Stealthy Trojan Swipes Bank Log-ins, Financial Data from Thousands
By: Brian Prince
2008-10-31
Article Rating:  / 62
There are 24 user comments on this Network Security & Hardware story.
RSA FraudAction Research Lab reported finding a treasure trove of financial data stolen by the Sinowal Trojan. The Trojan uses rootkit functionality to infect a PC's master boot record, allowing it to slip by malware defenses. The Trojan has stolen roughly 300,000 bank log-ins, as well as a similar number of credit and debit card numbers and related personal information.Security researchers have uncovered a treasure trove of financial data stolen by a stealthy Trojan since 2006.
All totaled, the minds behind the Sinowal Trojan are believed to have stolen roughly 300,000 bank log-in credentials, as well as a similar amount of credit and debit card numbers and related personal information. The findings were detailed Oct. 31 by RSA FraudAction Research Lab. The Sinowal Trojan, also known as Torpig and Mebroot, dates back to 2006 and has been used to target more than 2,700 financial service domains worldwide.
In the past six months alone, the Trojan has compromised and stolen log-in credentials and other information from more than 100,000 online bank accounts, according to RSA, EMCs security division.
The Trojan horse contains rootkit elements that infect a PC's MBR (master boot record), allowing it to slip past malware defenses. Once downloaded, Sinowal uses an HTML injection feature to inject new Web pages or information fields into the victims Web browser. When a user tries to visit one of the 2,700 domains, the fake site pops up instead and prompts the user for log-in or financial information.
RSA described it this way in a blog post: Even though a prompt like this is not a novel approach to stealing credentials and other informationwhat struck us the most was the amount of URL 'triggers' that cause Sinowal to actually launch this prompt and other functions: Sinowal is triggered by more than 2,700 specific URLs, which means that this Trojan quickly moves into action when users access the Web sites of what are now hundreds of financial institutions worldwide.
The compromised data belongs to customers of hundreds of financial institutions from around the world, including the United States, Canada, France, the United Kingdom, China and elsewhere.
The RSA Anti-Fraud Command Center has notified law enforcement as well as affected financial institutions.
| | Reader Comments: Stealthy Trojan Swipes Bank Log-ins, Financial Data From Thousands | | >>> Post your comment now!
| | issue clarificationladies and gentlemen, the issue identified is an informational segment meant to warn online bankers.
1) the affected banks were notified and... Posted At: 11-12-08
By: nine11four11 | | | | | | since 2006?The RK came out in 2006. What makes you so confident that Avast has detected it? Posted At: 11-11-08
By: uman p. | | | | | | old time phishThis is nothing more than a phish. I read the RSA article linked to this article. My browsing experience with my online bank is consistent enough for... Posted At: 11-11-08
By: uman p. | | | | | | | | | | | | RTFPBilly boy, perhaps you should reread the posts you are commenting on.
The posters both wrote "affected" NOT "infected."
"...what struck us the... Posted At: 11-04-08
By: bigmikee | | | | | | | | | | | | It's the list, stupidWhile it may not be the banks that are infected, anyone who read AND comprehended the article would be aware that the trojan is triggered by a list... Posted At: 11-03-08
By: brolin | | | | | | >>> Post your comment now! | | | | | |
|
 |
|
|
�������xr8(�ViW1E]RleMٖR*��EB��!)/w^9q_>�M�-y]D ����~vv$IM˙sל۔\s�Pç��v$vv~]2i*_
d&�@�jہ��)�}mk4��uB�Z���[;#|6S%?w *s=NN��KԚLæzg&$l
d��kbp��,c�w5h{=D@�~5[��6m��(GL�Ż?�K퓟�E!wO���շ8>vP
ߩ�U�aÙO,}!*{�OJ%h��1Qu�_Q�ad�w^x/4�;U'i�?쓑�7Sա*v�25vkn��/E�@Z��#BLȡ[\oh�=7d�7)���{"�-�Xd�UZB�wb#63!1kkT�T>l[G�ݑ�[cXsIVHx)�ɡ�æ�I/!)ҀK�8VR#/5<m�/;3jZYs;Ni|N���Q�}ѦM�ޡ:BݘZ����H/0i�|�V8;�t�#uӹ�=��U45,h
0#G�A�6�]�LR}�t
9q�PhR0|�s7Ln-�0(�5�I#=�ˋ�Ơ`��V�����GPC�!nH�}�P(�V�|`{ ��nȲc@|j
JG���;r%Fa��A�.O)))?�]Pv9�DB�
B�!B��0 H�� P�쎄J9m�W*LOD:Rt{B#̝CRM4aGe�-n^�d3#Cdd0U QVL"f��˧�q4M�dJ5�Bn=�آfmT
jrI) KJ�yT+�4Q>Oڹa��K���(�)em�*d�?r=@�kQD{zLO��6��8yRf�n \St+ˀ�\<
M
UPb|�F�ȸh�BqmP XbOF�<�TW酥k?|6tKl�`gv_oT`ju
2�\Fc�!�ܓa�*r1=_�?�M}�[L�zɖ0`{'� ��Yn�:ajAyI�d;W.�-hhj0NxT!�"�kq�0n��#8wDAۭ�ⲟq#�tM#�yT*JZ��(*+HA:e�rz�_�jQ ˏPU*J5�~�Vp8w\�kc`W�F4`+Y��ǽi
n.D<�9[% �17�ʨTIQ�ՕM��Oe%3Eq1쎸8DX=�y��d6
ѣ�5CJ�w־X8P�~u$<+1p]v3M�>� h
z�tS6ndU��LKZ^$|p`쑉�
N�@WIT2L=y}O5Oumf`��<�$�Οݚ�wrC >x4IjY 5`ZV-�#0�9L�ƈ���QHZ#OYdY.���eժR+5j`7��ʠ��<� �j�;!�]8`�"MMxh����=ar0uq7(��-E491���=�qZ�aǰ�^Tk��㜘�=�ۃ�[�
-��$P��) WA�h�x/nL10:�q�,JQ?v~��NIIc't>}A&=~?Н :w�>o���9tߟ���{kq �À�>|�ǝ�EˇW�RO5F0�r`sV��; J@�F��$;Ĥ}vl��w/KW�6Yd��p0\^�<�!=`;�pW�KG�?w@κ��)�ޠw)z2W#�>뾿gQ*�at�ӾF>m6<̰6M��G6V5C2�x0E���T��C�z? YZ�g�Í7���"lSO+}2L:1D&rޚS�D[B
{�B�~�J;TH~:Sq?I{�vYԺ�[&Ϙ#`A32%Ii�cϔ 5m$Mj3f�k��C@$_:HIv(+Hl$dA�j�SӚmf�/.鞿ߺm|<:Rp�E2��à{>� e!>R��aFh��鳁Vˮu^c��`|x��R̅2����D�YiQm��êjQuoX�GQ$.�tnt�7ÝԆ+^@)s^EXL2k7x/�gY6/t0wo��C�:dcΓd�fc�L ��1%� zNh�s3@
{cA��O[uvp߁�H*�Er�o5�W&Nk˜аu|S�5M`aE8F<.%-�;-�!=r�٠sE�� a�+}F'y��tD3(o�X7۸;�.z|,=}!G&zE>qB.Z��=w;o[Me's
Cݿv_l9nia[nơ8�5��J�~l'Mt6�D�jEWc[{#9�Ȫ̙S.R؉�'G#3~`q8-:��&꜃�%3ތ�ՏK�^dΠtPLG�=d(�,�H�3FZ�$ؑ�Lkv({P6Iړ>Ox(`BlAWAg_F-L w]n!1W�i�S2PI�<<;�n�)
�\;]1�),aq�o1^�{ζTY~tN,�3P:�Y)djj\KvD�4)]y%.<�KCxqUIz?A,
�)u�3�n]Z.7ʩ3�MƜ�ބk_d'[|N��KZ
(n&fO��Q#9߇�ၬ��xs&IjRee�ŅN#ĔURs�nf+6�X
�Mz.S-Yfs�,O Ķ��.6�_wV+wR[R�"o�r"dl� E&Pn �דN\/LG@;RJy(��pJw`J�|7݉D
~�D}_A�F�W �B.H:{{@M:hԛq�vW�F\IU%6}F0^��K�襶�f`(
\i`AgCWB6J%Uˡ�Ea���,`2&fk�DbnE>
$�)^|(OF})Y
@ϤOs���bi�6 �=Bؖ`�IX8V^S8~tfzp�"̓td3ϊ�!*NST+)fQ@%�*P#!aPA�߬|�/+hh=$ӉN�]Z��I𗱜�5g �AŃ&
Ýcf�&M*-ݑ6��f1�����1�p�x=��zblVշ7_x�Q{q!'�ؿ<0qN�ґOYn�l�v��iA�ˁG6�CRYUd@�o@#$�[FH�f}��ȷ%�_�k�^�I��-V]G,kkg�))-ND%J�kO'�(1�;lOZm���
x��_�D:�
}|STK|~v��l�U%Q�:a-�'I�ɶ~q;�}�#�ߋ6חw#c�-RC
C,0�'�Ѷ1i2�B$QI�Ǡ#fie�&'7$�ssRw 'yzZ}:A��>-�t<"[B|�+6ÌFZTp*_?}ҠK�
"Rjc t�=Hg(9yˈ(vS!:O=/�H�E��/��"Z[!T^A�jR7)I]~Z&ckbƯAg
@'�aWu�,0f
`$
ot^�1'�7K��z�u$,:khs*!
u�,J�A4Ŝ j@ :�H"鄤#MĠ+o]<>.˕Ju.� i�U`$j��1i�w��5It4�FWGnחg!nH/m�Y#pMnO}v�74a �F;"_�ShkGH@�(�#�H� o|_�g�,4^�:�i1�22222Nkmc�ӵb�MI>&�csK�M-bz|X �U�7+ z+{֏-^ɬ�Kk]ɟ+mRNKJ'TGڸ~UOZ]77w��7��k=^}#=�
8^�/؏�.^O�Fԗ$X?`o��aos�F[;ֺ핌�saD!u4NA'Iz�É�q"cD�,��9 ,8&}{�Dx
�ZOx}�w�
�Y�$l�=G. �r0{r$@�H\^��"�p}kx�Ck�1F�Ⱦto! MKܻ�K4x'�$;�&��%�m%�0Dʖ��[[=u}�']ӑ$�k Pg�PAfXt~�D)(�˞#M�*biFuo0I_7nm�L=ǔ�vTǏ;�B'k~;;%C٧T#/A&o��x��@M!vl�"x�_t�$~{~ē;�qGO�FU1sʑmO
{xUM3,䏅B/o�7 /Hf��X��È�˄2C[�
M�TmS_ǝF0C7F5s�.RKO(aژh��?5w�1i}P2D�O#�%1�e(�#$Jfgs4V�5Śxg
�KE;کj==#�� �R"R�V(>��l?�Q�X2ኴ�7K
4?8?G96�ǜMEfIDwET9�ЫՔs~�\
�: G K]ɖ1xy��[/Mz'5!L:VE(�*Io�$zTG�N7J$�RM�`��~Ÿ�3YM13цX5�0y�fBGa�ovDWe�7SYzڽ9Z<1XsS50�ٺsʑ�Ԙlh
�p�S�cy�q�Xߙ%>D�4�l3˨aZY�$�~�TRU�1�sRy|"�̦AtR
?[h?�0G{]SjZf"(E00N4�wn,"�,T_HF=yԱ8nd##Tr^͌�i`��}X2ames㡳xxX
�.7P�c�D@G'��+cՒl4X3K�cB�R8X$+^Q�$� c-y}6;Q{v+vb"m7\%�p+p|?p��-g::~9~:l`��Fʒ2?K+L66�mEUk)7g%;څ]`aYL\#&��9�ݱ=��a@$}b^�P>#RF̯q}#|�#6M6XX�U!WT�P�6�Mh5Mfik8M4��c=țW(W' n$�yVmIz .�kx�>axˏ�RkueAj+;Z�Akj��ݲ=ҡA+qܑ$_�~H'`Dwד��F�S�^.�OFoJ^j$'wp�
�?>|6�ڄy�iǥ4�Y��gMr+7LӦ12K=
o~{@\q
$qaC�\��
roE�VIv# ,@g�E슍B��c��~"�p:ם�v\tgsG��@F,R��^��<�3]\
��!��~O�A�z�d��+�2ta�-=�peL]v�V?�#.7,Mx��:�L$!�iRmɿ�PJx��Qݽ!?1��@��L-GaiAX#�hBG�H[1~~�3Uϸt:)�45A!<���\AA�cs}ʢq��bZ1Ř!'�iĔ�Êg]C �kB��{S{�9���K��q��E��LXv�_�%1ǖRW�B���"��F2����9C�(c~JDF�x_vĹg4`yn�����F�"�iN?�n�vzx Zѷhlԭs;|Ի|ҽ\^u/�։1y?kyl25^�
Q�9hw283f81«XsxgYx鎾(b�h,.6?< �L*a^e5DM@+:ۦ -xecj }|||l%6#g5^�L#̑:�jcRN=�Z[,_I�GM&7�b�c9�
HShE&5+>�r<)��rʿ@+(Z_~�JmS>X_~�88�A�I�~CG([hvחw�qN9?t/rʡݜ�Z�9埡3��]�>�ʯʁ~s�ڿi�:ҺNr�s}�S)�ÜJuC/*ȋkOy射8)o@y<*PC/nr
�V=ןbM�exG,D<�mcLĞ!=�}٘g?�QGЬa�]#=D)�.;H_ẽ�hĿ-NÙ��ٞރ�}��nC�7��V
�n�@q�L:
~iMog.t\�v�<2kݫ++Z+p'k͠6Kֈg>Yݩ7�xЧx.
ߊč,z��%�H00(���F>fUd4[`�Z�n�am�Wg4`t.g�{g�d�aSe�dz�X3/US
!Pio0��p=��ʼnS�
;/30ϱILz,XAjT}��=v��u'`�а-!i7�Iղ�VJZ8qG+B$+P�{D��çÌ*R'Ӏ�e`Ҩk��%�QP�e��h�[2��pVS'
y��V8��o[� D�)��x�>Xx+c6Ey�_ƌmBrH��6T<�'u��m'&]\͠mC7ao/�cK�ZS�÷p�\G;mgP&�M;�,U�~�f.g �m��c�a6rߢ]G�'C�<:8ed`
tO)u/� \�=��`p*WY��Ȳn#ó����#��(��sB��jfG=Z<0ۏc�\S.a D~Z~k]*0y."6��'żeķۀ���o&`+RۘtM
̥�2�/çOn3 &�`T$30>�t Ccjd1Gk��+C͙P<�b���ՍPs$Y�<#!1苄I Mc
=
L:B2,�%؉G�3'hȲσ��~ɤO[Q��=$_^̀ԛ�Zd%\7�*y>r�rf[�W ^{�3D3$ƨ�z<�W(1HXe�hqjF߮e�W53�B㙸xz^Db�,
ي݁�އBmô�z)LJ)@BoEYR%:�Tun�T8�<~�"�l%E�a'�_!�TL�,sD�<�>;#;33Q)jkA/?H3۱x쥽%�}Yq ��v.}�X#U:.�/�\*�IxҎHIhO>��~�ElG�`A�0^e�KF$u�@'�
�;؆OnS�C��>X��X��e-s0ŬBSh�<�)�P?'[nG\�k<>a�i�E�P0c�<��z�@n0$ ,��-i��ΦJu�#AY�?_�vs[>/৲`���{z��?}zǸ[�0rczwY='�8K Ӿcd.GX�I@
Ik.-wv(ua4,Lb9 �"[^'QI�8fR�жX�3e��,@a)5z`I�n�~3�4pRaL ��(b[и�9)�z��0��
�' �r7umr�?{��s]9,S��c|Ʋ�c9zar�r[�W`2�Z�.<�,�(`)F,��dv"V�THKMΡmdQ�aڇl&~H�&TH!�فl{[�НDntLs-:q�>/F"F�Ă'g"e��W~q$Y"�:xqeQ*= V\v*��gv P.�I{yTO7uG�@;N�$o_:Q}B}FBl4.�$םY*�?#[7nxaNjc)h#/=P$Dq'�AHec.x_ο`*X[�E�lMc01B4
|
Network Security & Hardware 
