I decided to write about Sinowal, also known as Torpig, as it has been around for three years and is still
spreading strongly. Security experts have described Sinowal as the most dangerous and sophisticated malware ever created: it hides below the operating system, controls applications, morphs to evade detection, and can even take over Internet sessions. It should be noted that several versions of this malware exist, and the latest ones include more features.
According to the RSA FraudAction Research Lab, which has been following the Sinowal Trojan for over three years, since February 2006 the Sinowal Trojan has compromised and stolen login credentials from approximately 300,000 online bank accounts and a similar number of credit and debit cards. E-mail and FTP accounts for various websites were also compromised or stolen. Moreover, in November 2008 it stole the details of about 500,000 online bank accounts and credit and debit cards, and it is said to be one of the most advanced pieces of crimeware ever created.
Be aware of the fact that different companies identify the Trojan Sinowal differently, for example:
Troj/Mbroot-A [Sophos],
StealthMBR [McAfee],
TROJ_SINOWAL.AD [Trend],
StealthMBR!rootkit [McAfee].
Sinowal uses the usual means to gain access to a computer; the majority of infections were done via e-mail links. Having full control over the Internet session, the Trojan dynamically injects its own malicious HTML code into the banking website to either steal existing
information or to harvest additional information. This is done after the user is logged in to what is, for all intents and purposes, the authenticated, secure banking website. For this reason almost all users are misled, as they are sure they are not visiting a phishing site.
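One defensive check against the post-login HTML injection described above, as an added example (not the original post's code): compare the form fields actually present in a received page with the baseline the genuine page is known to contain, so that fields added on the client side stand out. The baseline, the field names and the two sample pages are constructed for illustration.

```python
"""Detect form fields that a banking page should not contain, a check for
man-in-the-browser HTML injection. Added example; baseline and pages are
constructed, not taken from any real bank."""
from html.parser import HTMLParser

# Fields the genuine login page is known to contain (constructed baseline,
# e.g. generated from the server-side template at build time).
EXPECTED_FIELDS = {"login": {"username", "password", "csrf_token"}}


class FormFieldCollector(HTMLParser):
    """Collect the name attribute of every <input>, <select> and <textarea>."""

    def __init__(self):
        super().__init__()
        self.fields = set()

    def handle_starttag(self, tag, attrs):
        # attrs is a list of (attribute, value) pairs; self-closing tags
        # are routed here as well by HTMLParser's default handle_startendtag.
        if tag in ("input", "select", "textarea"):
            name = dict(attrs).get("name")
            if name:
                self.fields.add(name.lower())


def extract_fields(html: str) -> set:
    """Return the set of form field names found in the HTML."""
    parser = FormFieldCollector()
    parser.feed(html)
    return parser.fields


def unexpected_fields(page_id: str, html: str) -> set:
    """Field names present in the page but absent from the baseline.
    A non-empty result means content was added after the page left the server."""
    return extract_fields(html) - EXPECTED_FIELDS[page_id]


# Constructed samples: the page as served, and the same page after injection.
CLEAN_PAGE = """<form action="/login" method="post">
<input type="hidden" name="csrf_token" value="abc">
<input name="username"><input type="password" name="password"></form>"""

INJECTED_PAGE = CLEAN_PAGE.replace(
    "</form>", '<input name="card_number"><input name="atm_pin"></form>')

if __name__ == "__main__":
    print(unexpected_fields("login", CLEAN_PAGE))     # set()
    print(unexpected_fields("login", INJECTED_PAGE))  # {'card_number', 'atm_pin'}
```

In practice the HTML fed to `unexpected_fields` would be the DOM serialised on the client (for example by a monitoring extension), since the injection happens in the browser and is invisible to the server.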
It seemed that Sinowal was disappearing in the first part of 2008. Unfortunately, it was too early to celebrate the victory over this threat! The RSA article indicates that the reason for its revival could be the periodic release of new variants of the Sinowal Trojan.
Resources:
The most dangerous Sinowal Trojan
Sinowal is stealing sensitive data
Identifying The Sinowal Trojan
Description of Sinowal