Cyberwarfare Magazine

Warfare in the Information Age

Bank Account Stealing Trojan Rampaging the Internet

leave a comment »

The details of about 500,000 online bank accounts and credit and debit cards have been stolen by a trojan

The details of about 500,000 online bank accounts and credit and debit cards have been stolen by a trojan

BBC News reports that a trojan, labeled Sinowal, has been crawling across the Internet. The Trojan is notorious for stealing bank account details. Sean Brady of RSA‘s security division reports that “more than 270,000 banking accounts and 240,000 credit and debit cards have been compromised from financial institutions in countries including the US, UK, Australia and Poland.[1]” According to Sophos researchers, 14 computers per seconds were infected by Sinowal in 2008[2].

The Trojan is also known as Torpig and Mebroot and has now been discovered 2 years ago, in 2006, which means it has been collecting information for now 2 years. It uses the drive-by download method to download itself, which means it download and install itself without the user’s knowledge. In the case of this particular Trojan, this is done mainly thought malicious links and HTML injection attacks.

The Trojan installs itself on the master boot record and his polymorphic, making it hard to detect and to remove[3]. RSA suspects that the Sinowal had strong ties to a cybercriminal gang known as the Russian Business Network.


[1] “Trojan virus steals banking info”, Maggie Shiels, BBC News, October 31, 2008, http://news.bbc.co.uk/2/hi/technology/7701227.stm (accessed on November 2, 2008)

[2] Idem

[3] “RSA Cracks Down on Legendary Sinowal Trojan“, Richard Adhikari, Internet News, October 31, 2008, http://www.internetnews.com/security/article.php/3782221/RSA+Cracks+Down+on+Legendary+Sinowal+Trojan.htm (accessed on November 2, 2008)

Advertisements

Written by Jonathan Racicot

November 2, 2008 at 8:45 am

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: