11.03.08

Sinowal Is A Serious Security Threat

By Dan Morrill

The RSA Security blog has a fascinating digest of the Sinowal Trojan, which it says has been in operation since 2006, compromising nearly 300,000 online banking accounts.

Malware always holds a certain fascination. In many ways malware can be considered an element of cyberwar, because it is one way for someone to penetrate a network while leaving few, if any, traces behind. What makes the Sinowal Trojan so interesting is how hard this crimeware is to detect: not just its huge number of variants, but how effective it is at what it does.

So, why is Sinowal one of the most serious threats to anyone with an Internet connection? Simply put, Sinowal infects victims' computers without even an inkling of a trace. The criminals behind Sinowal have not only created highly-advanced and malicious crimeware, but have also maintained one of the most hidden and reliable communication infrastructures. This infrastructure has been designed to keep Sinowal collecting and transmitting information for almost three years. In addition, the stolen data has been methodically organized within a well-organized repository. Almost three years is a very, very long time for just one online gang to maintain the lifecycle and operations in order to effectively utilize just one Trojan.

Source: RSA Blog

What is interesting is the HTML injection feature, which only kicks in when a compromised user visits a specific URL. There are some 2700 URLs the Trojan watches for; when one is visited it injects HTML into the page and captures the user's credentials, allowing someone else to access their bank accounts. Some AV systems will catch it and some will not, as the number of variants has been part of the problem: the size and hash values of some of the components keep changing, forcing AV vendors to spend their time playing catch-up with the Trojan makers.
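The defensive counterpart to URL-triggered HTML injection is an integrity check on the login page itself: keep a baseline of the form fields a known login URL is supposed to contain and flag any page that arrives with extra credential fields. The script below is an added illustration, not code from the article, RSA, or the Trojan; the bank URLs, the baseline field names and the two HTML pages are all constructed for the example, and the injected fields were chosen only to show the mechanism.

```python
"""Flag credential fields that were injected into a known login page.

Added example (not from the original article): a per-URL baseline of the
<input> names a login form legitimately carries is compared against the
fields actually present in the HTML a browser or proxy observed. Extra
fields are a signal of in-browser HTML injection on that URL.
"""
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed baseline: hypothetical URLs and field names, not real banks.
BASELINE = {
    "https://bank.example/login": {"username", "password"},
    "https://broker.example/signin": {"user_id", "passcode"},
}

# Field types that carry no user-typed data; hidden inputs (CSRF tokens
# and the like) change on every load, so they are excluded from the diff.
_IGNORED_TYPES = {"hidden", "submit", "button", "image", "reset"}


class _InputCollector(HTMLParser):
    """Collect the names of user-facing <input> elements in a page."""

    def __init__(self):
        super().__init__()
        self.fields = set()

    def handle_starttag(self, tag, attrs):
        if tag != "input":  # HTMLParser lowercases tag names for us
            return
        a = dict(attrs)
        if (a.get("type") or "").lower() in _IGNORED_TYPES:
            return
        name = a.get("name") or a.get("id")
        if name:
            self.fields.add(name.lower())


def extract_fields(html):
    """Return the set of user-facing input names found in `html`."""
    parser = _InputCollector()
    parser.feed(html)
    parser.close()
    return parser.fields


def canonical_url(url):
    """Normalise a URL to the scheme/host/path key used in BASELINE."""
    parts = urlsplit(url)
    path = parts.path.rstrip("/") or "/"
    return f"{parts.scheme.lower()}://{parts.netloc.lower()}{path}"


def check_page(url, html):
    """Return (status, extra_fields).

    status is 'unknown' (URL not in the baseline), 'ok' (fields match the
    baseline) or 'suspect' (fields present that the baseline never had).
    """
    expected = BASELINE.get(canonical_url(url))
    if expected is None:
        return "unknown", set()
    extras = extract_fields(html) - expected
    return ("suspect" if extras else "ok"), extras


# Constructed sample pages: a clean login form and the same form with two
# injected fields of the kind a credential harvester would add.
CLEAN_PAGE = """
<html><body><form action="/login" method="post">
  <input type="hidden" name="csrf" value="abc123">
  <label>User</label><input type="text" name="username">
  <label>Password</label><input type="password" name="password">
  <input type="submit" value="Sign in">
</form></body></html>
"""

INJECTED_PAGE = CLEAN_PAGE.replace(
    '<input type="submit"',
    '<label>ATM PIN</label><input type="password" name="atm_pin">\n'
    '  <label>SSN</label><input type="text" name="SSN">\n'
    '  <input type="submit"',
)

if __name__ == "__main__":
    for label, page in (("clean", CLEAN_PAGE), ("injected", INJECTED_PAGE)):
        status, extras = check_page("https://bank.example/login?lang=en", page)
        print(f"{label}: {status} {sorted(extras)}")
```

The baseline has to be refreshed whenever the site legitimately redesigns its form, and the check only sees what the parser is fed; it is a complement to, not a replacement for, endpoint AV and browser protections. Query strings are dropped in `canonical_url` so that tracking parameters do not cause a baseline miss.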

Overall, though, this is an interesting case study in malware, and while it has a cyber-warfare possibility, it would not be unreasonable to assume that this is simply crimeware. But a Trojan that can sneak in without anyone noticing is always going to be a bad thing. As the RSA blog states later on, it also collects simple login information, and a number of FTP sites also had their credentials compromised.

About the Author:
Dan Morrill has been in the information security field for 18 years, both civilian and military, and is currently working on his Doctor of Management. Dan shares his insights on the important security issues of today through his blog, Managing Intellectual Property & IT Security, and is an active participant in the ITtoolbox blogging community.
-- NetworkNewz is an iEntry, Inc. publication --
iEntry, Inc. 2549 Richmond Rd. Lexington KY, 40509
2008 iEntry, Inc. All Rights Reserved