MBR Trojan Approaching the 3-Year Mark

bl8n8r writes "Still going strong since February 2006, the 'Sinowal' Master Boot Record infector (also called 'Torpig' and 'Mebroot' by various anti-virus companies) has compromised more than half a million financial accounts. An HTML injection engine adds fields to login pages to compromise credentials. Injection is triggered by the Web addresses — more than 2,700 bank and e-commerce sites are hard-coded into the malware. 'RSA investigators found more than 270,000 online banking account credentials, as well as roughly 240,000 credit and debit account numbers and associated personal information on Web servers the Sinowal authors were using to set up their attacks.' The majority of anti-virus and anti-malware scanners do not detect this threat."
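One defender-side check that follows from the form-injection behaviour in the summary, added here as an example and not code from the article or from any anti-virus vendor: compare the input fields a served login page actually carries against the baseline set the site owner knows it should have, and flag any additions. The field names, sample HTML and baseline below are constructed for illustration.

```python
# Page-integrity check for login forms (added example; names and HTML are constructed).
from html.parser import HTMLParser

# Constructed baseline: the only inputs the hypothetical bank's login form should carry.
EXPECTED_LOGIN_FIELDS = {"username", "password", "csrf_token"}

# Substrings that never belong on a plain login form and signal credential harvesting.
SENSITIVE_HINTS = ("card", "pin", "cvv", "ssn", "account")


class FormFieldCollector(HTMLParser):
    """Collects the name attribute of every <input> found inside a <form>."""

    def __init__(self):
        super().__init__()
        self.in_form = False
        self.fields = []

    def handle_starttag(self, tag, attrs):
        if tag == "form":
            self.in_form = True
        elif tag == "input" and self.in_form:
            name = dict(attrs).get("name")
            if name:
                self.fields.append(name.lower())

    def handle_endtag(self, tag):
        if tag == "form":
            self.in_form = False


def extract_form_fields(html):
    """Return the input names in document order."""
    parser = FormFieldCollector()
    parser.feed(html)
    return parser.fields


def find_injected_fields(html, expected=EXPECTED_LOGIN_FIELDS):
    """Return field names present in the form but absent from the baseline."""
    return sorted(set(extract_form_fields(html)) - expected)


def looks_like_credential_harvest(injected):
    """True if any unexpected field name hints at card, PIN or SSN data."""
    return any(hint in field for field in injected for hint in SENSITIVE_HINTS)


# Constructed sample pages: the clean form, and the same form with two grafted fields.
CLEAN_PAGE = ('<form action="/login" method="post"><input type="text" name="username">'
              '<input type="password" name="password">'
              '<input type="hidden" name="csrf_token" value="x"></form>')
INJECTED_PAGE = CLEAN_PAGE.replace(
    "</form>", '<input type="text" name="card_number"><input type="text" name="atm_pin"></form>')
```

Run against the page as the client actually received it (for example, from a browser extension or a synthetic-transaction monitor), since the injection happens on the infected host, not on the bank's server.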

8 of 165 comments

  1. What efforts are being made to find the operators? by Animats · · Score: 5, Insightful

    Since this thing is understood, it's possible to inject phony credit card numbers into the attack. If law enforcement and a bank worked together on this, they could inject flagged credit card numbers and watch where they were used, then make some arrests. For that matter, a denial of service attack could be made against the attacker by injecting huge numbers of bogus credit card numbers, the use of any of which triggered law enforcement attention.

    Maybe when Bush is gone, and the FBI and Justice Department get some decent management, we'll see some action in this area. This is what FBI Baltimore should be doing, instead of sending out child porno and seeing who bites.

  2. Re:dupe by zappepcs · · Score: 4, Insightful

    There is another reason for not really needing to comment: Slashdot needs a special tag for stories that include this implicitly or by implication. That information is:

    The majority of anti-virus and anti-malware scanners do not detect this threat.

    For such stories, we need to call bullshit and throw spam like emails at the majority of anti-virus company's email servers.

    It's one thing to say you are selling really nice tasting lemonade that helps your body fight disease by assisting your body with vitamin C. It's another to say you don't need to take anything else to help your body by our lemonade. That is the trouble with non-F/OSS software; they claim to have the answers. This is no better than selling snake oil IMO when you consider the condition of many if not most home users PC systems.

    There are many times in the USA when the fucking cure is worse than the disease. Antivirus companies are part of that 'issue'.

  3. Re:dupe by zappepcs · · Score: 4, Insightful

    You know that part on the label on cold medicines that says not to operate heavy machinery? When you buy an antivirus software package, are there any warning labels? Nope. This is what leads to my complaint. There are large numbers of people that think their original one year license for Symantec et al is good enough for the life of the PC, and nobody is telling them any different. Nor is anyone telling them that what they got for free with the PC will not keep up with malware, and that they are going to have to keep paying and paying if they want to use that program. This is a large portion of why Windows machines are so vulnerable. Even though Windows fanbois like to claim that Linux is for advanced users and not average users, those same users are making Windows a target for virus writers. The other portion is the vast security holes left in Windows production software.

    Antivirus companies and MS will NEVER make Windows safe for two reasons: Nobody really wants to pay a yearly subscription and the people they sell to have NO FUCKING CLUE how to keep their machine(s) safe. You and I might know how to get rid of a MBR virus, but aunt bettie doesn't, and won't without a lot of training. FerChrisSakes, you first have to explain what a boot record is. Does training come with a Windows license? Do you need to pass a state level exam to operate a PC? Nope. The problem will persist and will not get any better until antivirus companies start trying to educate. It will not get any better till your average Windows user understands that they have to work hard to administer their system to avoid infections and malware.

    Without education, the problem will continue... ad infinitum!

    That's why I think there should be a tag for it.

  4. No surprise by kent_eh · · Score: 5, Insightful

    'RSA investigators found more than 270,000 online banking account credentials, as well as roughly 240,000 credit and debit account numbers and associated personal information on Web servers the Sinowal authors were using to set up their attacks.'

    Yet people still look at me like I'm a cave man when I refuse to do online banking...

    --
    "I can't complain, but sometimes still do..." Joe Walsh

    1. Re:No surprise by dkf · · Score: 2, Insightful

      If it's good enough to secure the loads of personal information that's sure to be contained in said records, then why don't our banks employ such a system?

      Oh, that's an easy one. Banks don't do that because they reckon it is cheaper to reimburse people for the actions of fraudsters after the fact. It's a sad day when doing the obviously fair and right thing is rejected on cost grounds; obviously the value of being honest is underrated by banks. I just so wish I was surprised.

      --
      "Little does he know, but there is no 'I' in 'Idiot'!"

  5. Re:What efforts are being made to find the operato by narcberry · · Score: 2, Insightful

    While I agree, I would hope other nations uphold lawful behavior as a virtue, these men are still breaking Russian laws.

    But it's the essence of corruption. We cannot expect Russia to help us. We cannot expect China to help us. So, why do we let them peddle their packets in our networks? That might motivate them, but it will definitely reduce the security risks we face.

    --
    Modding me -1 troll doesn't make me wrong.

  6. Re:What efforts are being made to find the operato by Jah-Wren+Ryel · · Score: 2, Insightful

    I know that it's popular to blame Bush for all the ills of the world, but it is short sighted and unrealistic. If you want to bash him over things for which he is truly responsible, feel free. There's lots of material. Blaming him for this, though, is just lame.

    One can certainly blame Bush for focusing way too many resources on his war on terror and thus away from actual crimes like this one. Besides, nobody was "blaming him for this"; they were blaming Bush for not doing anything about this.

    --
    When information is power, privacy is freedom.

  7. Re:dupe by Anonymous Coward · · Score: 1, Insightful

    Are tags and labels not a form of education?