|
|
|
Stealthy Trojan Swipes Bank Log-ins, Financial Data from Thousands
By: Brian Prince
2008-10-31
Article Rating:  / 62
There are 24 user comments on this Network Security & Hardware story.
RSA FraudAction Research Lab reported finding a treasure trove of financial data stolen by the Sinowal Trojan. The Trojan uses rootkit functionality to infect a PC's master boot record, allowing it to slip by malware defenses. The Trojan has stolen roughly 300,000 bank log-ins, as well as a similar number of credit and debit card numbers and related personal information.Security researchers have uncovered a treasure trove of financial data stolen by a stealthy Trojan since 2006.
All totaled, the minds behind the Sinowal Trojan are believed to have stolen roughly 300,000 bank log-in credentials, as well as a similar amount of credit and debit card numbers and related personal information. The findings were detailed Oct. 31 by RSA FraudAction Research Lab. The Sinowal Trojan, also known as Torpig and Mebroot, dates back to 2006 and has been used to target more than 2,700 financial service domains worldwide.
In the past six months alone, the Trojan has compromised and stolen log-in credentials and other information from more than 100,000 online bank accounts, according to RSA, EMCs security division.
The Trojan horse contains rootkit elements that infect a PC's MBR (master boot record), allowing it to slip past malware defenses. Once downloaded, Sinowal uses an HTML injection feature to inject new Web pages or information fields into the victims Web browser. When a user tries to visit one of the 2,700 domains, the fake site pops up instead and prompts the user for log-in or financial information.
RSA described it this way in a blog post: Even though a prompt like this is not a novel approach to stealing credentials and other informationwhat struck us the most was the amount of URL 'triggers' that cause Sinowal to actually launch this prompt and other functions: Sinowal is triggered by more than 2,700 specific URLs, which means that this Trojan quickly moves into action when users access the Web sites of what are now hundreds of financial institutions worldwide.
The compromised data belongs to customers of hundreds of financial institutions from around the world, including the United States, Canada, France, the United Kingdom, China and elsewhere.
The RSA Anti-Fraud Command Center has notified law enforcement as well as affected financial institutions.
| | Reader Comments: Stealthy Trojan Swipes Bank Log-ins, Financial Data From Thousands | | >>> Post your comment now!
| | issue clarificationladies and gentlemen, the issue identified is an informational segment meant to warn online bankers.
1) the affected banks were notified and... Posted At: 11-12-08
By: nine11four11 | | | | | | since 2006?The RK came out in 2006. What makes you so confident that Avast has detected it? Posted At: 11-11-08
By: uman p. | | | | | | old time phishThis is nothing more than a phish. I read the RSA article linked to this article. My browsing experience with my online bank is consistent enough for... Posted At: 11-11-08
By: uman p. | | | | | | | | | | | | RTFPBilly boy, perhaps you should reread the posts you are commenting on.
The posters both wrote "affected" NOT "infected."
"...what struck us the... Posted At: 11-04-08
By: bigmikee | | | | | | | | | | | | It's the list, stupidWhile it may not be the banks that are infected, anyone who read AND comprehended the article would be aware that the trojan is triggered by a list... Posted At: 11-03-08
By: brolin | | | | | | >>> Post your comment now! | | | | | |
|
 |
|
|
�������x}r8s;�Ӯcv
ٖ˚-*Ou��EB��!)/w~⼜?qf�অTלSm["�
D��vv$IM˙sל۔\s�Pç��v$vv~]2i*_
d&�@�jہ��)�}mk4��uB�Z���[;#|6S%?w *s=NN��KԚLæzg&$l
d��kbp��,c�w5h{=D@�~5[��6m��(GL�Ż?�K퓟�E!wO���շ8>vP
ߩ�U�aÙO,}!*{�OJ%h��1Qu�_Q�ad�w^x/4�;U'i�?쓑�7Sա*v�25vkn��/E�@Z��#BLȡ[\oh�=7d�7)���{"�-�Xd�UZB�wb#63!1kkT�T>l[G�ݑ�[cXsIVHx)�ɡ�æ�I/!)ҀK�8Q+�kF?Ķ�h�G'��tq�r�_սyoבnL|wdoa-wQKw�TmBO|lM=RއI
CuaO�e_uhshm�7Ea�hjrP
8pދWwcwm9{�U�
whv??S)J=,�GA
G�nGkp[I�^ր8�]�}Gk�r ]�+�o$&�W Z�DTQR`&���Rc@G'�I�_H5}(�ĭ~oZ�FIS� �40"J�3zĢJ�9��ϦŠsuywȠstzx |'9Ġj�PEb�+�gxk�4X-:O/9�ǽ>9]QŝF4pgs
Zʿ�~��'^=:$lrK��,���.i�TW�ZxqhC!u{D
,_dxpLq:8?#��| ,�-˝�)Tt<�/Rzhf5
x�C�X&%�m�"���:u
���P��o4C+D_x0Nusn6�G@̀ki��fk�PX��TA5A�N)��51r��vf��M)i�K3_^*�-ͿE7h+bԜөɛ!"ƈOn�9x�|!XsI��((�G��&�μlO�yx!jY[6'jdamIiS_dxe�ޡ:I=t9&E;~C�T�364>H�,H�!eݴ%�g榣V6�1|+�Y�E*�EX8ʍ85m!SG�ñA���&�s;,w~�Ά����mNQ�}��59�'4b}t>'�(>h&ƋCriZnL-�r�Ӈt��wA�>�+�wOݺzN^TŞ*L�Кk��D#m�� &>q�l��8d�(n)s>ɹs�P&��z��Vt��cP{��DM`�#ρY�]7$>�(�@�+�>=��lmVl}d`1 >5�%ޣ��q�0y zE�ا��H.BD(ZH�"�!A�lu���[$t X�V�(VFvGBj+�'"�Pl=!đtNܡZWh&RأXB�^�X/E_R�2әJ2j2kl�ƪń(VFNL�1|�0��Vn)�
XTM.v0>2ai[[zESZ2{5�k憭l0!�/Ȁ2n(进�,9ق
Yr>::\�9{~g�2]|:���*G�t>Je�כAc
SO5,��F�fF�- � o�_��%�t1tJ/�]aY8�--�'uaOhK3Wk��%%@�P0"AcK�鬡cKU1SOm{hC��y
X\�(Tt a�"!1}ڧ>ns�sQ*/s7+�)T|�;Ofz^*k 6DZUUR;(Z
��{}|8=e�hLQ�8tc}y
_�+zS83lÿN(!f8c0�SM�\�}�O>yN¢ ,{h'^ː]-'LiG ç2cCTҘgF(/9��Ε��Nj�Z�`Z>5;�LᗬۉO�{��0v��\3���wkq�5\ EYk�(p,4J����3%NJt$�ҹ�D\W4Uud
XX
`����jD�a�#�CP`wV8%�+
#mQJ{�4A��vN{�Բ)+Vt u� `_��ܚ:�z,.-�H�0���
� d45}�M��*F{�boY
��Lj��B:GdDC��+`ЎT:^Gw<܁c2P?H(TZ�g7gMś]ac6U�{zn&R)Z�,GGvh\�JW>�7ϣ=ϼ!�#Erzg�m2D8z0J�d�mؙY#CuitLeb`ljgE@eM+t׀mkZpW|L2M�#u��L!)Wje�>e!e�O*��lWJԨ]q.g(
�,O$��,t=�ǣۻmp�I75
��SXx|{
[PH�H�HD�>ġiVR{e"�>QTk��㜘�=�ۃ�[�
L ��$q��)YUi�hja{i62A$K{<8'%S.�I{e�8@we�t{�A�{@N;�8�0^x;Zj\#-�J?Iާc{g�i\�dz�LR(����1>b�t߫]=-co/��6zv9�D����2�DH�4z7��ՇQwŏ�EGJ:7]�9 �!Ϻ�.Y�
G�^9:봯�OM1k&03hĢ<⑩s�3^z0L�‴5��)�,wuܹĂ�Ӝ4�"z�?N3"n�U8X;Z1w�}u�XLP($��T�0�r �`�$X�*��XU2ۿ��Cz? YZ�g�Í7���"lSϝ+}2L:1D&rޚS�E[B
{�B�~�J;TL~:߄q?I{�vYغ�[�Ϙ`A32%I�cϔ 5m$Mj3f�k��C@$_:JIv(+Hl(dA�j�SӚmf�/.غm|<:�RpLC2��à{>� e!>R��aFh��鳁Vˮu^c'�`|x��=Na.C��L�U'EQ,�wuϏFMbcsc�D�1u�wR;2x�;�yZ1�ݾpne9�r0�jw;t=z;Ojw]!3LرDݘ�~�h='�s� o. �cgm:;@�FP$w"B+NQD=%��,`�*hM5nW�Kot!�
Hlй"/S��>#A�ɼ��}g��7o��m�T�=eNd>IАZ�=ty9!�-[ݷؓ9̆{_JGoc$Ǯv'ۻw�}Zw[q*ApMG<-�Ҁ#I1M$�ZQH�**s攤�vȌWN�H&�b:`@Ɍ7#Oҁ{&-3(��#F
߸2{K3�N7K}{�U"��u?h2n�~�J�]݅;isVD)]s"ǵ"�v�KJIɧym�z�SD���m֗Fݽ]vVȿ5LĬxBw2h덧lw̷֘M'|Ȟc�ԱىÇ�CX��?�*�4lo@[)=�)$Ι��x
<�v<�.�߮���� B�;FJ���X۴��r�UCa��u�k§
,'i�ƿ'qFԱ�Qo*��2$;l�ߔ��c͘37�Ocpߍ_K;�*��ƒk0K(p!$~qN�̼V�&�%o�fȗqi+BZ1 w!}`'^a@|�\W&
f�^ (�)yuYQ�s5ȧ4p[H̕&G8D�T�Agqk�buL$DJ,}aX�qW=zg[qN4V?w:'IMllT��F_ps(|]25Y%;
O?.ɼn�v�$= �M�є:Yy�78S/W�$�/�$_|m8N2�'�D}A8{>S'c�_ߡ&49�>d�ȺMph���=g$m,UVZ\kJL=Z%E�Z?@^k[/�'>���,.�/X'[Bٳͦ}�(v^9Jk$ԦNZ-k
ԮU�Q�jEr 1�>a2=Yl���?R!yRo�J`kHJ}q.�ȂńL�.'��n
���0��0�E"C��jJ.�~աG|.Ѱ*vz��J*)s98|(]�g/}�CipJ��:�үt��IjTR�TX$���"���'#ol@4-�ڼV@Q뛒OlosﹰtVwg\3"S
�1IYX�@(RCV��odZ �>[@�-b{1|Ez6zZυ-*1_`OL�n�PA:"t)fST*J���pCpA%�[%'e�@C)o&UNt"Vr0_){=��T��Ps*I`肪Ѵj^]#�`� XD§"?�aӗkQ؋!!�#m=Vc{mlU_\wEa�H +o$aBj�;�%5̍Tڈv�����1Oo�%'V8hmU}Kz7ڋD@:�\JG>e1�5Թ�>rgЦ�u,��qaTVj<�)��!�I5R��7y�E#7mi̗Z@R�lKUIk_|µ3gz_z�gbC�^^^^^FVm<�ϗwFw���2nYkݶ~�(
%��9�*%{'>7%v5th3�Iy]a%�l�ح%Q�.;a-O�maqw65'T:v+"1�[�mH/�G,3W�H0J�)l@°�t���Iy�"J
H
`B�:Ih�ao-Z[O!>�caF#|ldG*l8/@>g%���%��DƄA(�K�?z.AyP�s̗�Q���&��#�H�u��/��"Z[!T^A��kR7)�I]~Z&ckbƯudV�5Dnk��#Y`,W�#i`�y�G�_ܐ/ECg3gxyԑN8�"�PG4@�DS̙���%ҁt)OH:;U4[�ϑKīT">
FQU�H��� oq7 QDGL& 4(�/KCܐ_!-Gu+��gqC��b~(",bE0
X(7�!e���D�Z q�L&��}
-Rz (|?�D8 ����n֖/|m�e3t~�CA*Q%7�@'iAO�Hb�L��J,�z*~e%�o;֖/|mgުIt$zZ�T=H<`{쀷 f#MMmf��-DZ�I(NM /@�Bkg{}9Z^Joί݉[k�@n�i@Q+�*cWW푛ro"\O?ֶo Kfo��R L}}4;m�&Q�D6wOB8;B�`Z/$;6oL$Ij�~6}A+=V�4W
mX�[`cX��wy0m-m�Yѧ3.e�|W�ZZJM%9n�.q}�zlï~�B�Y�f-e։5 V(����%5Rs1�g5�+xf"((QO7z R$|�: /\.ޮbv vSpn]|@Q�ΗH'�oI�z�W�mۋɀ{!9;0�]X,hMÙ@t�œ3�Q&)q��DtEwq�`$GxqsRQc3'�wo��,7�{ʞVS�,
xɫ߸֊�OZڠYΞC��"�g'���YH鎸:�[2HcbTh|�u�~T� 3,M?�"��le�ͦb��l1i3#Ntoc䭼�d?�?~܉."?Y3C �~܉.7>�Z�Ytĕ'7 �2y(�^�D�x8�j
%�g{%{[ŭ��$n/$jv�я;"\(7�uמS|lڏoûjj}<.fW$,�z~x G2C"(lh�F]b�hX�Cu~�rmb�?7�}�mDq`�v[zBYm�L!@I#샒=�%x�ei? ,Q,Dw�$A9?:-Ļ
W��FXz-�]ńU���D NE��7���wEa7`<ĒI
W����^R,oqn/
=��8l*b6K�-'.5}L1f`4՜�R�<^g�YJ��znj= a�ر*B 'UNz� ԣ:BMEw�WU"j�%�x#-5נ]6�j�6j=!ɣ`5��<�=wn&/k]қ≡ĚUх֝UN؍�Rcʳl-*|);,o�Kq\͛[Ȓ,!L
[K`63����OR!g@%UX5\ ��0.?8-��l�W/ժ@+)�Z�x�ʋzhBS�K�Y,����D(A�53?b)o:, oadF2FԞ�k�W*�
1Xt1ц]ֿ�|Ɍֲ:m���&�_cLѹǬ}�q�E
T��Ѝ�B9Ϫ͒;IoP}wY?e=a
�'�2u?|{~ BJ{=Hm~G#hM-ã۽|U:�l|%w;9^N۶6
_M~H'`��2o¨`*Ò��MI٫T~�LJ/�t�X0/b3-#�^>In�fi4F&s?��g\�N!�_��_�ݰ�,VI m{d7�2[�$}r?ZĮ,H1��f(��Is|DzhwE��:W}
dĢ�9k�`�#ka�a�=d�1a)h�ɵ`').yDci�� 8�^iN4(M�7,X��zoj�ґ��=<�瀟�s�yC@9�e.m� �br4q =��7]�6tqS0n/,0�4��O��s}�.nm;yx#ֽ2�b;�w6�oCdxR$�ٝzÀ��}G]�xZLܸ2poQ^"
#�"�@acFF�F>^֪_p3�lc}�}��;su>�^?tCg>k'[�*8y:R��M���?|Y&ƀY8'(NBhع+j>Y7xF
�{4��ǝN�͡a[�@$�o>eM+5VkZpWrHi3=""CSL`FTMV�Yi2ZUiT5r(�2B�4|OӴW�Y7tS+rc<{�+4�wpY-}?�"z%��~@N,1"Y/cA6of!3^��~*_�v�:i��(G<�)�蛅�eb��bZ;ˈLbT|Jx �/q
9X.>&]\ʠaC�ao/XbKZ;�cp��\G;�l�=2 gjy(}by0\9Kh `��Mz4��z<8�J)g,#�[LP`t{�_}̵~{鬙Hτ[4�п}HS%(uL���p0�1X�8D�f�[
Nؒ1&�QSRۨWY�)h
HN,�6zo��Z�#�+VU�h(o?�8�[]^-H�n
y��p�e3n�;�n�F�`XۘqM
�2!�/�ħOn3 &�`T$0>�t Ccjd1Gk��+C͙P<�b���ՍP�N#c�? `�vwb9c�˖;��
Mm+#8�"�>ܾ
lQF%��qm�.�;
+C��]@1֪T�gU|��>cx G}t;�*1�ee|�nHJUƧf2{;:��o9��kn>q$�L�E=��3̾HJ��D ϱmnآ��_���\n�P�Tj_f͙��BTvlRP`�Oՙَz!0|Zp�ȡ(�ly�I.�͜GK@gWnJP/jdV(̛l+�~Hϱ�Q���Ķ`�:�Vږ*yD1e~}J<3�g(u",@P�hP�+�K�ei$Vi/e8ǩk[Vmxtz�� �w}�u+y!)��1�: f˟]zTIٶ�7(G,cݴsQa[:�6
�n
۲
u�y˷TU=��e-{B70*
<Ǹ9m��@�>���{z��?}?zǸ[�0rczzwY='�8K Ӿcd.GX�I@
Ik.-wv�ua4,Lb9��"[^'QI�8`R�жX�3��,@a)5z`��n�~3�4pRaL ��$b[и�9)z��0��
�'.Ż �r7umr�?{���]9,M���eYjcL1G=,@|�փ
L�W{څG��QE6;|���,�݈bV��"NdJ
i)�9�9*�R&L0؏��Ä
}"5roq3}e��әH؍�pK�Z8�g!(X^�XLT��/D4;NB}a`�tL2lgLt�)�2)v}mb-c6�C-[;�xeh-��
|
Network Security & Hardware 
