[gui-talk] Fwd: Be Aware of Trojan That Steals Banking Info

Joel Deutsch jdeutsch at dslextreme.com
Wed Nov 5 23:57:17 UTC 2008


Okay. So what are we, as users and Web habitués, supposed to do in order to 
minimize our exposure to this? I read the BBC article and it doesn't seem to 
provide any such advice. Run your antivirus program hourly? Don't surf the 
Web?

----- Original Message ----- 
From: "Steve Pattison" <srp at internode.on.net>
To: "GUI Talk" <gui-talk at nfbnet.org>; "vip-l" <vip-l at softspeak.com.au>
Sent: Wednesday, November 05, 2008 4:59 AM
Subject: [gui-talk] Fwd: Be Aware of Trojan That Steals Banking Info


From: Parker at Vip conduit Vipcomm at mchsi.com
To: Accessible Devices a-d at accessible-devices.com

This article is well worth reading.

BBC NEWS
Trojan virus steals banking info
By Maggie Shiels
Technology reporter, BBC News, Silicon Valley
The details of about 500,000 online bank accounts and credit and debit cards have been stolen by a virus described as "one of the most advanced pieces of crimeware ever created".
The Sinowal trojan has been tracked by RSA, which helps to secure networks in Fortune 500 companies.
RSA said the trojan virus has infected computers all over the planet.
"The effect has been really global with over 2000 domains compromised," said Sean Brady of RSA's security division.
He told the BBC: "This is a serious incident on a very noticeable scale and we have seen an increase in the number of trojans and their variants, particularly in the States and Canada."
The RSA's Fraud Action Research Lab said it first detected the Windows Sinowal trojan in Feb 2006.
Since then, Mr Brady said, more than 270,000 banking accounts and 240,000 credit and debit cards have been compromised from financial institutions in countries including the US, UK, Australia and Poland.
Security companies recommend that PC owners keep anti-virus programs up to date and regularly scan their machine for malicious software.
The lab said no Russian accounts were hit by Sinowal.
"Drive-by downloads"
RSA described Sinowal as "one of the most serious threats to anyone with an internet connection" because it works behind the scenes using a common infection method known as "drive-by downloads".
Users can get infected without knowing if they visit a website that has been booby-trapped with the Sinowal malicious code.
Mr Brady said the worrying aspect about Sinowal, which is also known as Torpig and Mebroot, is that it has been operating for so long.
"One of the key points of interest about this particular trojan is that it has existed for two and a half years quietly collecting information," he said. "Any IT professional will tell you it costs a lot to maintain and to store the information it is gathering.
"The group behind it have made sure to invest in the infrastructure no doubt because the return and the potential return is so great."
RSA's researchers said the trojan's creators periodically release new variants to ensure it stays ahead of detection and maintain "its uninterrupted grip on infected computers."
While RSA's lab has been tracking the trojan since 2006, Mr Brady admitted that they know a lot about its design and infrastructure but little about who is behind Sinowal.
"There is a lot of talk about where it comes from and anecdotal evidence points to Russia and Eastern Europe. Historically there have been connections with an online gang connected to the Russian Business Network but in reality no one knows for sure."
That he said is because the group is able to use the web to cloak its identity.
Infection
In April 2007, researchers at Google discovered hundreds of thousands of web pages that initiated drive-by downloads. It estimated that one in ten of the 4.5 million pages it analysed were suspect.
Sophos researchers reported in 2008 it was finding more than 6,000 newly infected web pages every day, or about one every 14 seconds.
RSA's fraud action team said it noticed a spike in attacks from March through to September this year.
That is backed up by another online security company called Fortinet. It said from July 2008 to September 2008 the number of reported attacks rose from 10m to 30m.
This included trojans, viruses, malware, phishing and mass mailings.
"The explosion in the number of attacks is alarming," said Derek Manky of Fortinet.
"But trojans are just one of the players in the game wreaking havoc in cyberspace."
Remedies
While attacks are on the increase, there are some simple steps that users can take to protect their information besides using security software.
"We have a saying here which is 'think before you link,'" said Mr Manky.
"That just means observe where you are going on the web. Be wary of clicking on anything in a high traffic site like social networks.
"A lot of traffic in the eyes of cyber criminals means these sites are a target because to these people more traffic means more money," he said.
RSA also urged users to be wary if their bank started asking for different forms of authentication such as a social security number or other details.
"People think not clicking on a pop up or an attachment means they are safe. What people don't realise now is that just visiting a website is good enough to infect them."
RSA said it is co-operating with banks and financial institutions the world over to tell them about Sinowal. It has passed information about the virus to law enforcement agencies.
Story from BBC NEWS:
http://news.bbc.co.uk/go/pr/fr/-/2/hi/technology/7701227.stm
Published: 2008/10/31 13:15:28 GMT
© BBC MMVIII

Regards Steve
Email:  srp at internode.on.net
Windows Live Messenger:  internetuser383 at hotmail.com
Skype:  steve1963

