RSA Found New Banking Trojan Sinowal Running for Three Years

A well-organized and sophisticated cyber crime gang has stolen the log-ins of over 300,000 Internet bank accounts and a similar number of credit cards in nearly three years using a malicious Trojan horse (Sinowal), said RSA Security Inc., an online security company.

RSA researchers have traced the origin of the Sinowal Trojan, also called Torpig and Mebroot, to a server containing stolen credentials. The Trojan also has the potential to steal e-mail and FTP account details. Earlier attempts by security experts to trace the origin of the Trojan led them into blind alleys. Users' computers are infected without their knowledge simply by visiting a booby-trapped website hosting the Sinowal malicious code.

As for the origin of the Trojan, one theory says that Sinowal is the creation of the same malware authors who were involved in running the RBN (Russian Business Network). RSA's analysis also reveals that the writers of the Sinowal Trojan might have been associated with the notorious Storm worm group in the past, but they now send malware through hosting services not associated with the RBN.

RSA also disclosed that the Trojan has been active since February 2006. Maintaining the malware's lifecycle is a hard task that requires a lot of resources and effort.

The Trojan is very unique because of its sheer enormity and scale. It is believed that the gang running this Trojan has succeeded in accessing around one and a half million online bank accounts and credit cards, a very huge and extraordinary volume, said Sean Brady, Product Marketing Manager, RSA, as reported by Computerworld on October 31, 2008.

In addition, the authors of the Sinowal Trojan release new variants after a specific period of time and register thousands of domains to spread it. This helps them maintain the Trojan's grip on infected machines, said RSA.

Further, the Trojan has been constantly revised, but there are times when its authors release a large number of variants. For instance, the number of new variants of the Trojan during February 2008 was very low, but it increased significantly in June 2008. During August 2008 and October 2008, the volume further declined to a new level.


» SPAMfighter News - 19-11-2008

 
