
    Keeping an Eye Out for the Sinowal Trojan

    By Brian Prince
    November 3, 2008

      After eWEEK published the initial story last week about RSA finding a cache of data stolen by the Sinowal Trojan, several readers requested additional information.

      Here is a little more background on the Trojan, RSA’s findings and links to more information. Also identified as Torpig and Mebroot, Sinowal has rootkit elements that infect the Master Boot Record and allow it to hide. The Trojan has many variants, some of which are detectable by traditional anti-virus products from vendors such as Symantec and McAfee. However, the number of variants and their low distribution volumes make it difficult for security vendors to keep track of the latest ones.

      For the past six months, RSA has observed at least 60 variants of the Trojan each month. A recent variant, submitted Oct. 21 to Virustotal, was detected by fewer than 30 percent of the 35 security vendors given the file.

      RSA investigators found nearly 300,000 online banking account credentials, as well as a roughly equal number of credit and debit account numbers and associated personal information. The cache of data represents bounty collected from Sinowal’s victims as far back as February 2006.

      “An analysis of the Sinowal Trojan itself identified a road map leading to the location commonly known as the drop zone, a point where Trojans send their stolen information,” said Sean Brady, manager of identity protection at RSA, EMC’s security division. “The drop zone itself was publicly exposed to the Internet, where the RSA FraudAction Research Lab was able to address the database and recover the credentials.”


      Once downloaded, Sinowal uses an HTML injection feature to inject new Web pages or information fields into the victim’s Web browser. When a user tries to visit one of 2,700 financial service domains, the fake site pops up instead and prompts the user for log-in or financial information. Detected variants target Windows 2000, XP, Vista and Windows Server 2003, according to various security vendors.

      “The best initial line of defense is to maintain an up-to-date anti-virus solution on your PC and use it to run a full system scan,” Brady advised. “However, the Sinowal Trojan can be challenging to detect once it is installed locally, since it uses rootkit techniques designed to evade detection.”

      Brady recommended that users keep an eye out for changes to Web sites they normally visit. For example, a prompt for personal information or for the user to download files in order to view a video could be a tip-off.

      “Knowing that their financial institutions should never randomly request personal information online, such as log-in credentials or Social Security numbers, [can be a defense],” he said.
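      The HTML-injection behaviour described above, and Brady’s advice to watch for prompts a bank would never make, can be turned into a simple defender-side check. The following is an added example, not code from RSA, eWEEK or the Trojan itself: it parses the form fields a login page actually presents and compares them against a baseline of the fields the real page is known to contain, flagging extra fields or prompt text that ask for data such as a Social Security number or PIN. The baseline, the keyword list and the two sample pages are all constructed for illustration.

```python
"""Baseline check for injected form fields on a banking login page.

Web-inject Trojans add extra fields (or whole pages) to a legitimate site
inside the victim's browser.  A bank that knows exactly which fields its own
login form contains can flag anything extra that appears in what the client
actually rendered.  Everything below is an illustrative, constructed example.
"""
from html.parser import HTMLParser

# Hypothetical baseline: the input names the genuine login form contains.
LOGIN_BASELINE = {"username", "password"}

# Constructed list of words that typically show up in injected
# "verification" prompts and field names.
SENSITIVE_HINTS = ("ssn", "social", "pin", "card", "cvv", "mother", "dob")


class FormFieldCollector(HTMLParser):
    """Collect names of user-visible form controls plus any visible text."""

    def __init__(self):
        super().__init__()
        self.fields = []   # names/ids of text-style inputs, in document order
        self.text = []     # visible text fragments (labels, prompts)

    def handle_starttag(self, tag, attrs):
        if tag in ("input", "select", "textarea"):
            a = dict(attrs)
            # Hidden fields and buttons do not prompt the user for anything.
            if (a.get("type") or "").lower() in ("hidden", "submit", "button"):
                return
            name = a.get("name") or a.get("id")
            if name:
                self.fields.append(name.lower())

    def handle_data(self, data):
        s = data.strip()
        if s:
            self.text.append(s.lower())


def audit_login_form(html, baseline=LOGIN_BASELINE):
    """Compare rendered fields with the baseline; report anything unexpected."""
    parser = FormFieldCollector()
    parser.feed(html)
    unexpected = [f for f in parser.fields if f not in baseline]
    sensitive = [f for f in unexpected if any(h in f for h in SENSITIVE_HINTS)]
    prompt_text = " ".join(parser.text)
    prompt_hits = [h for h in SENSITIVE_HINTS if h in prompt_text]
    return {
        "fields": parser.fields,
        "unexpected": unexpected,
        "sensitive": sensitive,
        "prompt_hits": prompt_hits,
        "suspicious": bool(sensitive or prompt_hits),
    }


# Constructed sample: the genuine login form.
CLEAN_PAGE = """<form action="/login" method="post">
  <label>User ID</label><input type="text" name="username">
  <label>Password</label><input type="password" name="password">
  <input type="hidden" name="csrf" value="token">
  <input type="submit" value="Sign in">
</form>"""

# Constructed sample: the same form with two injected "verification" fields.
INJECTED_PAGE = """<form action="/login" method="post">
  <label>User ID</label><input type="text" name="username">
  <label>Password</label><input type="password" name="password">
  <label>For your security, confirm your Social Security Number</label>
  <input type="text" name="ssn">
  <label>ATM PIN</label><input type="password" name="atm_pin">
  <input type="submit" value="Sign in">
</form>"""


if __name__ == "__main__":
    for label, page in (("clean", CLEAN_PAGE), ("injected", INJECTED_PAGE)):
        print(label, audit_login_form(page))
```

      The check is deliberately conservative: a field that is merely unexpected is reported but not by itself treated as suspicious, since legitimate pages change; a field or prompt that asks for data the bank never requests at login is what raises the flag.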

      RSA has chosen not to publish the list of affected financial institutions, citing privacy and security concerns. However, RSA officials said they have reached out to the affected institutions as well as law enforcement.
