Unpleasant reading

Started by Rik, Nov 01, 2008, 11:43:17


Rik

El Reg has a story on the Sinowal trojan.

Quote
A well-organized crime gang has stolen credentials for more than a half-million financial accounts in less than three years using a sophisticated trojan that remains undetectable to the vast majority of its victims, a report published Friday warns.

The haul of bank, credit, and debit card account numbers stolen by the Sinowal trojan is among the largest ever discovered. It was unearthed by researchers at RSA's FraudAction Research Lab. They say the program, which is also known as Torpig and Mebroot, has been operating non-stop for almost three years, an unusually long time in the fly-by-night world of cybercrime.

"Only rarely do we come across crimeware that has been continually stealing and collecting personal information and payment card data, and compromising bank accounts as far back as 2006," RSA researchers wrote.

What's more, Sinowal has only managed to become more productive over time. In the past six months, it has compromised more than 100,000 accounts. Since February, the number of variants has spiked, from fewer than 25 per month to more than 70, according to RSA. The increase helps the malware evade detection by anti-virus programs.

In all, the trojan has infected at least 300,000 Windows machines and stolen 270,000 online banking account numbers and 240,000 credit and debit credentials.

Sinowal is impressive for other reasons as well. Unlike many trojans, it doesn't rely on tricking the end user into clicking on a link or file to get installed. Rather, it spreads silently via websites that prey on unpatched vulnerabilities in the Windows operating system or in third-party applications, such as Adobe Flash and Apple's QuickTime media player.

"This particular trojan can get installed without even awareness of the end-user that they have agreed to anything or that anything has been installed," Sean Brady, manager of identity protection at RSA, said in an interview.
Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

Simon

It's worrying, isn't it?  I'll be keeping a close eye on my bank account / credit card activity.
Simon.
--
This post reflects my own views, opinions and experience, not those of IDNet.

Tacitus

Quote from: Simon on Nov 01, 2008, 11:54:40
It's worrying, isn't it?  I'll be keeping a close eye on my bank account / credit card activity.

Will it only install via an admin-level account?  Since most people, probably unknowingly, run as admin, it could be that it requires no password for it to install.

Whether those who run as user would be relatively safe - or at least get a heads-up from an admin password request - would be interesting to know.  I do know there was a privilege escalation exploit for QTime a while ago.

One reason I never use file-sharing sites...


Rik

Me neither, Tac, I'm just not comfortable opening a machine of mine up to the world.

Simon

It's a shame they can't tell us exactly which financial institutions may have been attacked, then at least we might have some idea as to which accounts to be more vigilant over.

Rik

I just watch them all like a hawk these days, Simon.

Inactive

Ditto, almost obsessively ... ;)
Anything and everything that I post on here is purely my opinion, it ain't going to change the world, you are under no obligation to agree with me, it is purely my expressed opinion.

Rik

It's a pain doing the rounds each day, isn't it. :(

Inactive

It is Rik, but peace of mind and all that. ;)

Sebby

Another one to watch out for. Thanks, Rik.

Glenn

It's a nasty blighter to get rid of, too.

Rik

The voice of experience, Glenn? What lengths did you have to go to?

Glenn

As far as I know, I have never had it. I was just reading through a few forums about it after you posted; here is one.

Tacitus

I think it's getting to the point where even a fairly ordinary domestic setup is going to require a UTM firewall with automatic AV updates done in real time.  That's apart from any machine-specific installation.

These things don't come cheap either.  A Zywall 5UTM comes in at near £600, and that's by no means the most expensive.

Rik

I agree, Tac, which is why I'm thinking that the time will come when we'll use dumb terminals and all the security will be handled at the ISP end. :(

Tacitus

Quote from: Rik on Nov 01, 2008, 16:10:54
I agree, Tac, which is why I'm thinking that the time will come when we'll use dumb terminals and all the security will be handled at the ISP end. :(

Just like the good old days of mainframes and green screens.  ;D

Rik

Indeed. They had a benefit. :)

esh

Had a strange £5 transaction come up on one of our cards recently. It was obviously a phone top-up thing, but from the other side of the country... suspicious, yes? Ironically, they wouldn't block the card until there had been three "suspicious transactions". Had to really push about it. Don't you think that's rather odd? Who knows where the details got leaked. Seems the UK is a bit like a sieve for customer data protection.
CompuServe 28.8k/33.6k 1994-1998, BT 56k 1998-2001, NTL Cable 512k 2001-2004, 2x F2S 1M 2004-2008, IDNet 8M 2008 - LLU 11M 2011

Inactive

It certainly appears to be getting worse. >:(