Trojan steals access data for 300,000 bank accounts

Post by gerardwil » Mon Nov 03, 2008 11:06 am

Sinowal injects its own code into the web pages shown in the user's browser so that it can capture the relevant details when the browser user visits a page known to it. It is said to be able to recognize and react to the URLs of around 2700 international banks and providers of financial services. RSA say that precisely how it manages to infect systems cannot be traced. It is probably distributed via infected web sites, among other things such as MPack, a web-attack toolkit it exploited in mid-2007. Analyses by Kaspersky say it uses rootkit techniques in order to hide itself in a system, writing itself into the MBR of the hard disk so that it becomes active as soon as the computer is booted up.

RSA says the most remarkable feature of this trojan is that its authors have managed to maintain the communications infrastructure between the trojan and its database for as long as three years, registering several thousand domains to look after Sinowal's communications. Although the RSA report does not say so, the trojan probably uses what are known as fast-flux service networks.

The precise origin of Sinowal, and the identity of its present masters, can only be speculated on. It was originally thought to be operated by Russian criminals linked to the infamous Russian Business Network (RBN), but, since the infrastructure that supported the RBN is no longer in place, this is not now thought to be the case. RSA wants others to know the results of its observations, and says it has also informed the authorities responsible for investigating crime.


heise
