Trojan Sinowal Infecting Websites at Fast Pace
Researchers at Sophos said that they had observed a notable rise in the total number of URLs spreading Sinowal in recent weeks, with trojans still dictating the overall malware trend.
According to the researchers, the present variants of Trojan Sinowal, which characteristically divert online surfers' Web browsers to malicious content, are more sophisticated than older variants. As before, the attack's ultimate aim is to install malicious programs (malware) that steal bank credentials on end-users' computers.
However, although the Trojan persists in this behavior, the total number of websites used to transmit the malware is comparatively smaller than in other attacks.
Modern Sinowal scripts contain an algorithm that lets them customize themselves each day, and they appear in multiple versions. These versions consist of an iframe blow, a time-bound domain redirection, and a variation of that redirection based on users' data downloaded through the social-networking website Twitter.
Moreover, the security researchers have stated that by using the Twitter code, those behind Sinowal appear to be shifting their attack patterns to exploit new methods while continuing their "low and slow" distribution campaigns.
Many versions of the Sinowal scripts have reportedly already been identified. One particular version generates its target domain on the basis of data mined from Twitter.
In this attack, when the hijacked web page is displayed, the Sinowal script retrieves search data downloaded via Twitter and uses that data within its domain-generation algorithm. Security researchers say that the latest rise in Sinowal detections seems to be due to scripts related to this technique.
According to Sophos, a considerable number of the websites are currently hosted in Italy. A certain ISP seems to be associated with a range of compromised websites.
The sparing use of Sinowal seems to show an increasing tendency among malware distributors to be selective about the use of their comparatively more efficient botnets and attacks, rather than using them continuously at high speed and drawing the attention of the security community.
» SPAMfighter News - 04-08-2009