Slashdot Mirror


MBR Trojan Approaching the 3-Year Mark

bl8n8r writes "Still going strong since February 2006, the 'Sinowal' Master Boot Record infector (also called 'Torpig' and 'Mebroot' by various anti-virus companies) has compromised more than half a million financial accounts. An HTML injection engine adds fields to login pages to compromise credentials. Injection is triggered by the Web addresses — more than 2,700 bank and e-commerce sites are hard-coded into the malware. 'RSA investigators found more than 270,000 online banking account credentials, as well as roughly 240,000 credit and debit account numbers and associated personal information on Web servers the Sinowal authors were using to set up their attacks.' The majority of anti-virus and anti-malware scanners do not detect this threat."
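The story above concerns a trojan that overwrites the Master Boot Record. The check a practitioner wants here is an offline comparison of sector 0 against a known-good copy, since an MBR infector must change the bootstrap code while leaving the partition table intact so the machine still boots. The following is an added example, not code from the story or from any vendor it mentions; the sector contents are constructed for illustration, and the "modified" bootstrap bytes are a placeholder, not real malware code.

```python
"""Audit a 512-byte MBR sector against a known-good baseline.

Added example (not code from the story or from any vendor named in it).
The sector contents below are constructed; the 'modified' bootstrap bytes
are a placeholder, not real malware code.
"""
import hashlib
import struct
from dataclasses import dataclass
from typing import List

SECTOR_SIZE = 512
BOOTCODE_LEN = 446          # bytes 0..445: bootstrap code an MBR infector overwrites
PT_OFFSET = 446             # four 16-byte partition entries follow the bootstrap code
SIG_OFFSET = 510            # 0x55 0xAA boot signature closes the sector


@dataclass(frozen=True)
class PartitionEntry:
    status: int
    part_type: int
    lba_start: int
    sector_count: int

    @property
    def bootable(self) -> bool:
        return self.status == 0x80


def parse_partition_table(sector: bytes) -> List[PartitionEntry]:
    """Decode the four classic MBR partition entries (CHS fields ignored)."""
    entries = []
    for i in range(4):
        status, _chs_start, ptype, _chs_end, lba, count = struct.unpack_from(
            "<B3sB3sII", sector, PT_OFFSET + 16 * i)
        entries.append(PartitionEntry(status, ptype, lba, count))
    return entries


def has_boot_signature(sector: bytes) -> bool:
    return sector[SIG_OFFSET:SIG_OFFSET + 2] == b"\x55\xaa"


def bootcode_hash(sector: bytes) -> str:
    """SHA-256 of the bootstrap area only; the partition table is excluded on
    purpose so legitimate repartitioning does not look like an infection."""
    return hashlib.sha256(sector[:BOOTCODE_LEN]).hexdigest()


def audit_mbr(sector: bytes, baseline: bytes) -> List[str]:
    """Return a list of findings; an empty list means the sector matches."""
    findings = []
    if len(sector) != SECTOR_SIZE:
        return [f"expected {SECTOR_SIZE} bytes, got {len(sector)}"]
    if not has_boot_signature(sector):
        findings.append("missing 0x55AA boot signature")
    if parse_partition_table(sector) != parse_partition_table(baseline):
        findings.append("partition table differs from baseline")
    if bootcode_hash(sector) != bootcode_hash(baseline):
        findings.append("bootstrap code differs from baseline")
    return findings


def make_mbr(bootcode: bytes, entries: List[bytes]) -> bytes:
    """Assemble a sector from bootstrap bytes and raw 16-byte entries (constructed data)."""
    table = b"".join(entries).ljust(64, b"\x00")
    return bootcode.ljust(BOOTCODE_LEN, b"\x00") + table + b"\x55\xaa"


# Constructed baseline: a classic-looking prologue (cli / xor ax,ax / mov ss,ax / mov sp,7C00h)
# and one bootable NTFS (type 0x07) partition starting at LBA 63.
_ENTRY = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07, b"\xfe\xff\xff", 63, 1_000_000)
BASELINE_MBR = make_mbr(b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c", [_ENTRY])

# Constructed 'infected' sector: same partition table, bootstrap area replaced.
# A bootkit keeps the table intact so the machine still boots normally.
MODIFIED_MBR = make_mbr(b"\xeb\x3c\x90" + b"\x90" * 40, [_ENTRY])

if __name__ == "__main__":
    print("baseline vs itself:", audit_mbr(BASELINE_MBR, BASELINE_MBR))
    print("modified vs baseline:", audit_mbr(MODIFIED_MBR, BASELINE_MBR))
```

To run it against a real disk, read the first 512 bytes of the raw device (for example `open("/dev/sda", "rb").read(512)`, which needs root) and keep the baseline from a clean install. Take both the baseline and the audit from media that did not boot the suspect disk: a bootkit that is already running can filter reads of sector 0 and hand back the original contents.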

7 of 165 comments

  1. dupe by symbolset · · Score: 2, Informative

    No point in commenting on this since the previous story is still on the main page.

    --
    Help stamp out iliturcy.
  2. The majority of anti-virus/anti-malware? by morgan_greywolf · · Score: 5, Informative

    Wow. ClamAV and AVG both detect Sinowal. Both are free as in beer and ClamAV is free as in speech.

  3. Re:What efforts are being made to find the operato by BungaDunga · · Score: 2, Informative

    Who says the people grabbing the card numbers are the ones who eventually use them? The guys controlling the virus probably just sell them en masse to someone else.

  4. Re:What efforts are being made to find the operato by KermodeBear · · Score: 2, Informative

    Maybe when Bush is gone, and the FBI and Justice Department get some decent management, we'll see some action in this area.

    Yeah, because I'm sure that the priority of every president is credit card fraud.

    I know that it's popular to blame Bush for all the ills of the world, but it is short sighted and unrealistic. If you want to bash him over things for which he is truly responsible, feel free. There's lots of material. Blaming him for this, though, is just lame.

    --
    Love sees no species.
  5. clamav did NOT detect it by circletimessquare · · Score: 3, Informative

    read the story again, it links to virustools, which lists the 10 out of 35 vendors that made the detection. antivir did (mine, phew)

    --
    intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
  6. Re:we need an antivirus vendor by BlueStrat · · Score: 3, Informative

    that supplies cd images online with their own mini boot os, updated monthly, that you download, burn, and then reboot into via cd

    90% of users wouldn't bother. it's just a giant hassle. but amongst the ultraparanoid, which you are if you know even just a little about what goes on out there, it would be a nice peace of mind guarantor

    of course, this product probably already exists. in which case PLEASE TELL ME WHERE ;-)

    Why not simply boot into a live CD whenever you want to do online banking or other such sensitive tasks if you're that paranoid? Nearly all allow for writing to the hard drive, so it's not a problem to save any data you want around after the task is completed like online statements, etc. If you're really paranoid, use Anonym.OS put together by Kaos.Theory Security Research and based on OpenBSD with hard encryption and use of TOR as defaults?

    Download here: http://sourceforge.net/projects/anonym-os/

    More information: http://kaos.to/cms/projects/releases/anonym.os-livecd.html

    Cheers!

    Strat

    --
    Progressivism (aka US 'Liberalism'): Ideas so good they need a police/surveillance-state to enforce.
  7. Re:No surprise by Ihmhi · · Score: 2, Informative

    A buddy of mine works for a company that designs software for use in police cruisers and the stations. They can also cross-reference data between other systems.

    To access the master server where all of the cross-referenced data is aggregated, you need one of those tokens. For the uninformed, it's a small device about the size of a flash drive with a constantly rotating number that is in sync with an encryption scheme on the server. It rotates every 30-60 seconds as I recall.

    If it's good enough to secure the loads of personal information that's sure to be contained in said records, then why don't our banks employ such a system? It would certainly go a long way towards reducing fraud IMO.