
Trojan steals access data for 300,000 bank accounts



cyrano

RSA FraudAction Research Lab reports that Sinowal, alias Torpig and Mebroot, currently the most devious banking trojan, has over the last six months succeeded in stealing the login data for more than one hundred thousand accounts. Among virus specialists, Sinowal is known as a highly developed trojan that intercepts credit-card data and FTP accounts, as well as information about bank accounts. During the past three years, using various versions of Sinowal, the authors of the trojan are reported to have succeeded in grabbing data relating to more than 300,000 different accounts and sending them to a database.

Sinowal injects its own code into the web pages shown in the user's browser so that it can capture the relevant details when the browser user visits a page known to it. It is said to be able to recognize and react to the URLs of around 2700 international banks and providers of financial services. RSA say that precisely how it manages to infect systems cannot be traced. It is probably distributed via infected web sites, among other things such as MPack, a web-attack toolkit it exploited in mid-2007. Analyses by Kaspersky say it uses rootkit techniques in order to hide itself in a system, writing itself into the MBR of the hard disk so that it becomes active as soon as the computer is booted up.

RSA says the most remarkable feature of this trojan is that its authors have managed to maintain the communications infrastructure between the trojan and its database for as long as three years, registering several thousand domains to look after Sinowal's communications. Although the RSA report does not say so, the trojan probably uses what are known as fast-flux service networks.

The precise origin of Sinowal, and the identity of its present masters, can only be speculated on. It was originally thought to be operated by Russian criminals linked to the infamous Russian Business Network (RBN), but, since the infrastructure that supported the RBN is no longer in place, this is not now thought to be the case. RSA wants others to know the results of its observations, and says it has also informed the authorities responsible for investigating crime.
11-03-2008 05:53 PM