Feeds

Security researchers lift the lid on Torpig banking Trojan

300K bank accounts compromised by backdoor code

Top three mobile application threats

Security researchers at RSA have uncovered how a banking Trojan may have stolen the login credentials of as many as 300,000 online bank accounts.

The Sinowell (AKA Torpig) trojan has also lifted email and FTP account login details. Previous attempts to track the source of the Trojan have run into blind alleys.

One popular theory is that the malware authors behind the trojan are in the same gang as the group who ran the infamous Russian Business Network (RBN). RSA's analysis suggests that the authors of Sinowell may have been at least affiliated with the Storm worm gang in the past but are now running the malware through hosting facilities unaffiliated to the RBN.

RSA is in liaison with computer emergency response teams and other appropriate parties in an effort to take down the network controlled by the Sinowell trojan.

The malware, variants of which first appeared in 2006, takes considerable pains to conceal its presence on compromised machines

In addition, the communication infrastructure behind the trojan is sophisticated and well maintained.

"The creators of the Sinowal Trojan periodically release new variants and register thousands of Internet domains for its communication resources. The purpose of this is to maintain the Trojan’s uninterrupted grip on infected computers," a posting on the RSA security blog explains.

More details on the malware can be found in a post made by RSA on its security blog here. ®

Combat fraud and increase customer satisfaction

More from The Register

next story
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Heartbleed exploit, inoculation, both released
File under 'this is going to hurt you more than it hurts me'
Canadian taxman says hundreds pierced by Heartbleed SSL skewer
900 social insurance numbers nicked, says revenue watchman
German space centre endures cyber attack
Chinese code retrieved but NSA hack not ruled out
Burnt out on patches this month? Oracle's got 104 MORE fixes for you
Mass patch for issues across its software catalog
Reddit users discover iOS malware threat
'Unflod Baby Panda' looks to snatch Apple IDs
Oracle working on at least 13 Heartbleed fixes
Big Red's cloud is safe and Oracle Linux 6 has been patched, but Java has some issues
prev story

Whitepapers

Mainstay ROI - Does application security pay?
In this whitepaper learn how you and your enterprise might benefit from better software security.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.